Privacy Shield Court Judgement
We are aware of the recent judgment from the European Court regarding the EU-US Privacy Shield. The ICO recommendation at the moment is to take stock of the international transfer that we make and to react promptly as guidance and advice becomes available.
The initial court judgment suggest that SCCs (Standard Contractual Clauses) are the way forward. We are under contract with the majority of our suppliers (as well as them having the Privacy Shield), and we will be updating our List of Suppliers page to reflect this as soon as we can.
We certainly don't anticipate needing to change our suppliers in the light of this judgment. It will rather be a case of updating how we report the legal basis on which we use these services.
We only use fully GDPR compliant suppliers. As both our business and primary servers are located in the EU, we use EU locations wherever possible. However, as many tech companies have some form of presence in the USA, we ensure that any data that is sent there is covered by US-EU Privacy Shield.
We perform an annual review of our suppliers to ensure that they continue to be compliant with our legal requirements. We also receive regular security bulletins from these suppliers.