Statement on EU-US Privacy Shield Framework
On July 16, 2020, the Court of Justice of the European Union (the “CJEU”) issued a ruling invalidating the EU-US Privacy Shield framework as a proper mechanism for transfers of personal data from the EU to the U.S.. The EU-US Privacy Shield framework has been in place since 2016 and was established to regulate the transatlantic exchanges of personal data between the EU and the U.S.. The framework allowed U.S. companies certified under the program to legitimately receive personal data. As a result of the CJEU’s ruling, organizations can no longer rely on their Privacy Shield certification as a method for transferring personal data from the EU to the U.S.
However, in the same ruling the CJEU upheld Standard Contractual Clauses (SCCs) as a valid transfer mechanism for personal data between the EU and U.S.. SCCs are a set of contract terms created by the European Commission to legitimize the transfer of personal data from the EU to non-EU countries which the European Commission has not deemed adequate for purposes of cross-border transfers of data out of the EU.
We understand that you may have questions as to how this impacts your agreement with RDC since RDC is a Privacy Shield certified organization.
RDC has always been committed to ensuring the protection of the personal data that it collects and processes on behalf of our customers; and therefore, is well positioned to manage this change. In addition to its certification under the EU-US Privacy Shield framework, RDC has been incorporating SCCs into our customer agreements since April 2019 and provides robust privacy and security measures in accordance with GDPR requirements. RDC also has SCCs in place with its major subprocessors. RDC will continue to process all data with protections required under applicable data protection law and upon request will work with our customers to update agreements as necessary with SCCs, as they remain a valid mechanism for data transfer from the EU to the US.
RDC does not anticipate any changes to its services and will continue to maintain the same high level of information security and care when processing personal data.
If you have questions regarding your customer agreement, please contact your account manager or email our Privacy Officer at firstname.lastname@example.org.