Practical alternatives to Safe Harbor

By | Sunday April 17th, 2016

The European Commission issued a guide for transferring data outside of the EU after Schrems’s sentence: http://europa.eu/rapid/press-release_MEMO-15-6014_en.htm.

We now have two ways: using contractual clauses or binding corporate rules (BCR). These two methods are applicable to all transfers to Countries for which there is not an authorization by the European Commission or a local privacy authority.

Some guidelines are available to help controllers:

Standard contractual clauses are available in other languages than English.

Category: Open Forum Tags: , ,

About Cesare Gallotti

More than 15 years of experience in information security and IT process management. Italian representative in ISO/IEC SC 27 WG1 international meetings for writing ISO/IEC 27000 standard family. Activities in Italy, Europe, Asia and Africa, for companies of various sizes and market sectors. Consultancy, training and audit for: information security, quality, compliance with legal requirements (Personal Data Protection, SOX, etc.), compliance with international standards (ISO 9001, ISO/IEC 27001, ISO/IEC 20000, ISO 22301, etc.), and processes improvement.

2 thoughts on “Practical alternatives to Safe Harbor

  1. Ernesto Falcone

    Buonasera, sono appena entrato in questa community e volevo porre un quesito in merito all’argomento in oggetto.
    Una piccola azienda campana (circa 25 addetti) che utilizza da tempo account email su piattaforma GOOGLE (gmail) ma con estensione @nomeazienda.it , in considerazione del fatto che il Safe Harbour è decaduto e che il Privacy Shield è stato bocciato dal Garante Europeo, come deve regolarsi rispetto al fatto che i propri dati sono tarttati da un’azienda USA su Server probabilmente residenti fuori della UE?

Leave a Reply