On July 16th, the Court of Justice of the European Union (CJEU) removed the EU - U.S. Privacy Shield Framework as an acceptable transfer of personal data from the EU to the US under the GDPR.
Privacy Shield has been a key component of how KnowledgeOwl has handled our GDPR compliance, so we've been closely watching the interpretation and recommendations from this decision. We've made some updates that impact our customers bound by GDPR and wanted to be sure you're aware of them. (If you aren't bound by GDPR, you can skip the rest of this release note!)
While the CJEU struck down Privacy Shield, they also affirmed that Standard Contractual Clauses (SCCs) are still a valid transfer mechanism for GDPR. Companies governed by GDPR will need to assess both the SCCs and the circumstances around the disclosure to ensure compliance.
For a far better write-up of this decision, please see Bloomberg Law's Privacy Shield Downfall Hits Companies Sharing Data with EU.
Next steps
To remain GDPR compliant, we've adopted Standard Contractual Clauses as part of our Data Processing Addendum (DPA).
If your company is within the European Union or is otherwise bound by GDPR, we encourage you to review and/or sign our updated Data Processing Addendum (DPA).
We are continuing to follow guidance and recommendations on maintaining GDPR compliance, and we'll keep you informed of additional changes we make moving forward.
Let us know if you have any questions or concerns after reviewing the updated DPA.