Oct 5, 2020 | GDPR

Transferring data to the US

Howard Freeman

Howard Freeman


Assessment and Action Plan

Make sure your EU-US data transfer is lawful 

In July 2020, the European Court of Justice delivered its ruling on the Schrems II case, declaring the EU-US Privacy Shield invalid. The Privacy Shield was one of the three options available to safeguard data passed from the EU to the US and made such transfers lawful.

The EU–US Privacy Shield is now defunct. There is no transition period. International transfers are now under the microscope, therefore, it’s more important than ever to evaluate the lawfulness of your current and future data transfers. This service provides an in-depth assessment of these activities and an action plan to minimise your risks.

EU-US privacy Shield
Data transfers to the US Transferring data to the US
International Transfers
The EU–US Privacy Shield is now defunct. There is no transition period.

Service eligibility 

The service package can be delivered to organisations of any size, and in any sector or industry. 

For organisations with complex criteria, please contact us on 03333 22 1011 for a discussion and quotation. 

Resource requirements 

Firstly, you will need to provide key information for the international transfers project to proceed on schedule and fulfil its objectives. This will be managed to minimise any disruption. However, it is essential that your staff give any requests the appropriate priority. 

Then, you will need an internal project coordinator to host meetings and to ensure all required information is provided on time. We can provide this role as a service if resource isn’t available. The role will ensure that tasks and actions allocated to your staff are carried out as agreed. 

Service description 

We will examine your data transfer activities in depth. It will cover both current data transfers and those yet to begin. We will also look for cross border processing you may not have been aware of.

Subsequently, we will: 

  • Review your records of processing, process maps, and data flow maps to identify your affected processes. 
  • Send questionnaires to your suppliers with a response review. If we carried out your original GDPR work then this won’t be necessary, except in the case of new suppliers.
  • Carry out a gap analysis to identify missing information. 
  • Review your suppliers’ privacy notices and other supporting information.

Once complete, you will receive a clear, actionable report. This will be presented at a meeting be it in person or online. We can then run through the plan and understand where we can help, or where you will use your own resource. If you are likely to be transferring data to the US then this is an important task you need to complete.

Please call for pricing on 03333 22 1011 or contact us here.

This is now a necessary part of your GDPR compliance. However, as a full service business we can help guide you through this without disrupting your business. For pain free GDPR, call us today.


Can we help?