info@winheller.com+49 (0)69 76 75 77 80Mon. - Fri. from 8am to 8pm, Sat. from 8am to 5pm

Challenge in Data Protection: Data Transfer From the EU to the USA and Great Britain

Dec 22, 20 • Privacy LawNo Comments

Challenge in Data Protection: Data Transfer From the EU to the USA and Great BritainCompanies within the European Union are faced with major challenges if they want to transfer personal data from the EU to the USA or the UK. A data transfer takes place, for example, when employee data is exchanged with subsidiaries based there or simply when useful IT tools are applied from companies with offices in these countries (e.g. Gmail, Amazon, Cloud Drive).

Great Britain as a third country under data protection law after Brexit

While the USA have always been regarded as a third country from a European data protection perspective, this will also be the case for Great Britain next year once Brexit has been completed. This has consequences for companies that transfer data to Great Britain. They must implement technical and organizational measures to ensure that an appropriate level of data protection is maintained. As a result, additional investments will be necessary for data protection compliance in 2021. These will, however, stay within a manageable scale as long as it is possible to fall back on familiar structures that have already been established for data export to the USA.

Use of synergy effects for data transfer to the USA

Just like between the EU and the USA, there is currently no decision on adequacy between the EU and Great Britain for the time after Brexit, which guarantees a legal basis for lawful data transfer. After the European Court of Justice declared the EU-US Privacy Shield to be invalid in July 2020, companies had to establish new legal bases for data transfer to the USA and in most cases used adapted standard contractual clauses or binding corporate rules. To ensure an adequate level of data protection when transferring data to the UK, the same basic instruments can be used and synergy effects exploited at the same time, provided that country-specific adjustments are made.

Our experienced attorneys for data protection law will be happy to advise you on how to overcome the challenges that may arise.

Continue reading:
Data Protection: Companies Must Appoint an EU Representative
Three steps to legal certainty in data protection

Olga Stepanova

Olga Stepanova

Attorney Olga Stepanova works for Winheller in the areas of IT law, intellectual property and data protection. Her main fields of expertise include trademark law, copyright law, and competition law.

>> show profile

Leave a Comment

Your email address will not be published. Required fields are marked *

WINHELLER Blog via Newsletter

Subscribe to our free newsletter and receive regular updates on German business law by e-mail. (Mandatory fields are marked with *)

German Business Law News (4 times a year)
I would like to subscribe to the selected newsletter and for that purpose give my consent to WINHELLER to process my above mentioned data. I have read the "Information for Data Processing in the Newsletter Subscription". I understand that I can revoke my consent at any time with effect for the future by clicking the unsubscribe button within the newsletter. *