The Privacy Shield Navigator guides users through the recent and complex judgement of the European Court of Justice (C-311/18 – “Schrems II”) on the EU-US Privacy Shield and its implications. First, it assesses whether a business is affected by the Court’s recent decision. It then identifies any data protection gaps in the business’ own contracts. This results in customized guidance to ensure full compliance and close any identified gaps. This application creates individualized recommendations including adjusted data processing agreements which incorporate the new standards regarding data transfer to the US. The Privacy Shield Navigator enables businesses to quickly evaluate their level of data protection and undertake the necessary steps to accommodate the EU’s recent jurisprudence.
Under the EU General Data Protection Regulation (GDPR), the transfer of personal data to a non-EU country may only take place, if the third country in question ensures an adequate level of data protection. Until 16 July 2020, the Privacy Shield constituted the EU Commission’s seal of approval for the US-American data protection standards. It was on the basis of this agreement that many European companies were able to entertain business relations with US-American partners or simply use US software to process personal data. Now that the European Court of Justice declared the Privacy Shield to be invalid, a great number of European companies are facing uncertainties as to how to continue their daily business while remaining compliant with the Court’s decision. The judgment puts the burden of assessing whether the US provides an adequate level of data protection on the individual businesses themselves. It likewise requires every company to ensure that personal data is only transferred to the US if appropriate safeguards are in place.
The Privacy Shield Navigator provides customized answers to these pressing questions. With BRYTER, businesses can build an interactive questionnaire and the tool then analyzes the user’s inputs to determine a company’s current level of data protection regarding the transatlantic transfer of personal data. It automatically detects any possible gaps that might have been created due to the declared invalidity of the Privacy Shield. The tool generates data processing agreements and extended standard contractual clauses which may match a company’s individual processes and policies and equally implement the new standards set up in Schrems II. These generated legal documents are ready to be sent to and signed by the US-American business partners immediately.
How it works
Through a customizable and user-friendly questionnaire, all relevant information regarding the processing and transfer of personal data is collected. The Privacy Shield Navigator then determines whether the new standards set in Schrems II apply to the business in question.
The underlying logic of the tool automatically identifies any potential gaps in data processing agreements or any other data-related contract.
In order to close the identified data protection gaps, the Privacy Shield Navigator generates customized recommendations for the creation of GDPR-compliant environments for the personal data a company transfers to the US. The generated documents are ready for use immediately.