Tag: Schrems II

SaaS Agreements – Data Protection: UK-US Data Bridge

On Friday the 22nd of September the UK agreed its own transfer mechanism which can be used instead of UK standard contractual clauses.

From the 12 October 2023, SaaS Suppliers and SaaS Customers can start to transfer UK personal data to entities located in the USA provided that the US entity is certified under the new “UK Extension to the EU-US Data Privacy Framework” (UK-US Data Bridge).

This now means that all transfers of UK personal data made to US companies certified under the UK-US Data Bridge by SaaS companies will be deemed to be to a third country that has adequate data protection laws.

Once a US organisation has been certified and is publicly placed on the DPF List they can receive EU personal data through the DPF.

Continue reading

SaaS Agreements – Data Protection – Does your DPA and Sub-Processor List need updating?

Meta were fined 1.2 billion Euros for breaches of EU data protection law and for transferring personal data of EU users to the US despite, using standard contractual clauses, (SCCs), having in place supplemental measures and carrying out data transfer impact assessments, (DTIAs). Google has also been pursued in various EU member states for similar breaches.

In light of these decisions, SaaS suppliers should review their own data protection practices and documentation to ensure that they are up to date and comply with the current rules.

Continue reading