Atea values data privacy and being a trustworthy supplier we are committed to keep your data secure. In a recent decision, the European Court of Justice ruled in Case C-311/18 (the “Schrems II case”) that the EU-US Privacy Shield Agreement does not provide adequate protection for personal data when transferred to the US. The invalidation of the Privacy Shield means that personal data controllers within the EU, are no longer allowed to transfer personal data to recipients in the United States on the basis of the Privacy Shield.
Because the court’s judgement had immediate effect, customers have asked how this decision impacts Atea, including our actions taken to ensure that the transfers of data are valid.
Accordingly we review the legal mechanism we use for third-country transfers in our agreements to align with Schrems II court decision. This means that we perform risk assessments for each U.S.- based vendor and sub-processor for required level of protection and use of Standard Contractual Clauses to comply with Chapter V of the General Data Protection Regulation on the transfer of personal data to third countries.