Skip to main content

Privacy Shield Invalidated - On.Board incorporates Standard Contractual Clauses

Robert Luhse
Updated

Dear On.Board customer,

We hope that you and your colleagues are coping well with the current challenges caused by COVID-19.

With everything going on, you may or may not be aware of some recent changes regarding the transfer of data to the US from the UK and the EU. We have consulted with our legal experts. Although there is no need to worry unduly at this stage, we felt that it was important to keep you up to date with what is happening out there.

The current situation:

On July 16, 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield. This decision affects more than 5,300 companies and data flows underpinning a market worth $7.1tn. Like those companies, Prosell, came under this framework which facilitates transfers of data from Europe to the US.
We have always used Rackspace in the US because of its reputation for high security and compliance with GDPR  (the European Data Protection Regulation).

Although our On.Board clients do not use the platform to share sensitive data we have always believed in applying the highest possible standards of data security. Hence the fact we are both ISO27001 certified and have safeguards in place to comply with GDPR. All of your organisation’s data is encrypted in transit and we constantly monitor and audit security measures that we and all our suppliers implement.

Our response:
In order to remain GDPR compliant following the ruling, we have in place, a Data Processing Addendum with Rackspace, which contains the Standard Contractual Clauses (SCCs) approved by the EU. This ensures that all personal data is protected  in accordance with the GDPR.

Next action:

This invalidation of the EU-US Privacy Shield came as an unexpected event to the thousands of UK, European companies and individuals processing data using US companies and servers based in the US. The current thinking within Supervisory Authorities, lawyers and privacy professionals suggests that we should wait and see what the European Commission and the UK agree with the US before taking any further action. We are also monitoring the data protection implications arising from the Brexit negotiations closely and propose to send a further update later in the year when more information is released.

In the meantime, Prosell and our hosting partner, Rackspace, as the processors of your data, will continue to ensure the security of your data is our top priority. 

Finally, please contact us if you require any more clarity on this topic. We shall of course keep you up to date as matters unfold.
 

Yours sincerely,
Prosell & On.Board security team

Comments

0 comments

Please sign in to leave a comment.