In July of 2020, The European Court of Justice ruled that the EU-U.S Privacy Shield is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data. The EU-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data.

Most Standard Contractual Clauses bind both parties in relation to them processing data, but they do not bind a third party if that data were to be transferred. The ruling states the exporter must verify “on a case by case” basis what protections apply with that third party.

The Transfer Impact Assessment, now in the Whistic Questionnaire Library, helps the exporter address data protection concerns for any third party transfers and those assessments need to be monitored on an ongoing basis.

See your full security picture with Whistic. Automate your program, assess vendors easily, and start using security to your advantage. Learn more.