Therefore, if the administrators wants to continue to transfer data to the USA, he must do so on the basis of the so-called Standard Contractual Clauses and, through appropriate guarantees and safeguards in the clauses, to ensure a comparable level of personal data protection guaranteed by GDPR in the EU. With respect to USA law, administrators and specific processors in the USA will need to find other appropriate security guarantees, such as storage of the data, including the metadata, only in the EU, the encryption without backdoors, etc., which will provide a comparable level of protection. If this is not possible, the export of data to the USA should not be carried out even using contractual clauses.

We therefore recommend to the all administrators who transfer personal data to the USA, to verify, in cooperation with the data importer, that they meet the new requirements for the export of data to the USA.

For more information please contact

Radek Matouš

Principal Associate | Prague

T:  +420 255 706 554

M: +420 602 167 779

E:  radek.matous@eversheds-sutherland.cz

Petra Kratochvílová

Senior Associate | Prague

T.: +420 255 706 561

M: +420 724 593 617

E: petra.kratochvilova@eversheds-sutherland.cz