On October 22, 2015, the Czech Data Protection Authority (DPA) sent out letters to companies which are registered as data controllers with the DPA. The letter is essentially a notice to inform such Czech companies about the invalidation of Safe Harbor.
Recommendations
The DPA recommends using EU Model Clauses or BCRs instead for data transfers to third countries. The letter does not require companies to respond to it nor does it stipulate a specific timeline to take actions, neither does it mention any potential enforcement actions. Consequently, the DPA still considers EU Model Clauses as valid tool for data transfers to the US.
Contributors – Patrik Kastner, Milena Hoffmanova
