Last week we gave you the facts to dispel three common misconceptions about Privacy Shield. This week we are including three more.
1. Model Contractual Clauses (MCCs) & Standard Contractual Clauses (SCCs) are easier than certifying for Privacy Shield.
While your company may have invested in MCCs or SCCs when Safe Harbor was nullified, your work does not stop there. You need to keep updating your contracts to ensure continuing compliance. Sabina Jausovec Salinas, Corporate Counsel at Rackspace, and Debbie Bromson, Head of Global Privacy at Jazz Pharmaceuticals, spoke about why they chose Privacy Shield for their organizations; the webcast recording is available here.
2. MCCs / SCCs are the safest way to go.
The continuing validity of MCCs is now being considered by the European Court of Justice (ECJ). Privacy Shield was drafted by US and European officials specifically to ensure it met the requirements laid out in the ECJ’s Schrems decision. Many companies that have MCCs / SCCs in place view Privacy Shield as an added layer of protection against new legal action.
3. Privacy Shield Compliance = GDPR Compliance.
While the principles necessary to comply with Privacy Shield are similar to many of the data protection safeguards necessary for GDPR compliance, Privacy Shield only addresses one of the many components of the GDPR (i.e., International Data Transfer) as depicted in this image.
Even with a Privacy Shield certification, you still need to address the remaining components of the GDPR, including DPO Appointment, Consent, PIAs, and many more.