Schrems II & Standard Contractual Clauses
On 16 July 2020, the European Court of Justice ruled in what has been referred to as the Schrems II case, meaning that Privacy Shield can no longer be used as the basis for transfer to the USA.
EG has thus ensured that our customers can safely continue to use EG as an IT supplier, as we use a different transfer basis than Privacy Shield when using suppliers from the USA.
EG has agreed with all its suppliers that in general, personal data will only be stored and handled in the EU. It is thus only when updating security systems and other technical updates that personal data can be accessed by employees from third countries, including the USA. In exceptional cases, personal data is stored outside the EU.
Storage and handling of personal data takes place in accordance with the European Commission's Standard Contractual Clauses (SCC) and/or Binding Corporate Rules.
Our subcontractors have adapted to the new rules
All our suppliers outside the EU have adapted to ensure they provide the data subjects with the same level of protection as they would achieve by using a supplier from the EU.
This applies, for example, to Microsoft, which has limited the American authorities from gaining access to personal data and protecting data subjects by bringing a case against the American authorities regarding access to personal data.
You can read more about Microsoft initiatives here.
Similarly, our supplier Twilio has drawn up guidelines that ensure that the authorities can only access personal data when the request is specific and can be verified by the courts. If Twilio receives such an enquiry regarding EG, EG will be informed thereof and EG will immediately inform its customers.
EG checks the individual suppliers' technical and organisational security measures to ensure that our customers' personal data is handled correctly and that our suppliers continue to have a security level that guarantees at least the same level of security as in the EU.
Learn more: Standard Contractual Clauses for data transfers between EU and non-EU countries.
If you want to know more about how EG handles your data, you are welcome to read more on our website.