You will no doubt have seen that the Court of Justice of the European Union (CJEU) recently issued its judgement in the Schrems II case and held that the EU/US Privacy Shield programme was invalid.
The Privacy Shield is one of the mechanisms that can be used by businesses to protect transfers of personal data from the EU to the United States under the GDPR.
Egress Software Technologies, Inc. (our US subsidiary in Massachusetts) has been certified with the EU/US and Swiss/US Privacy Shield Programmes since 2019.
Our commitment to you
Rest assured that if you use our Services to transfer personal data from the EU to the US we remain fully committed to the principles of the Privacy Shield programme, the General Data Protection Regulation and to the protection of the personal data you send, store and share using our Services. Privacy regulations are constantly evolving and we remain alive to the fact that further developments in this area are likely in the coming weeks and months.
What do you need to do?
As part of the decision last week, the CJEU also ruled that the EU Standard Contractual Clauses (SCCs) remain a valid method of protecting international data transfers.
We have recently undertaken a review of our supply chain to ensure that we have SCCs in place with relevant sub-processors involved in the delivery of our Services.
We also provide customers with a Data Protection Addendum (DPA) which contains the SCCs. We therefore ask that, if data transfers to the United States are relevant to your use of our Services, that you check whether you have executed a copy of this document or whether we have already signed the SCCs with you.
If you have not, please do sign a copy of our DPA as soon as you can here.