Compliance solutions firm RiskBusiness has launched a new GDPR Equivalency Checker, which specifically targets European companies caught by changes to the EU-US Data Privacy Shield Program.
Following a court ruling last year in the Schrems II case, new legislation will come into force from 27 September that will require European firms to assess each data transfer to the US and other non-EU countries in compliance with the GDPR.
RiskBusiness said: “The administrative and operational burden of compliance is likely to be considerable and may lead to companies ceasing to transact business outside of the EU.”
Previously, EU and US companies were able to transfer data under the EU-US Data Privacy Shield Program, but the EU Court of Justice ruled against this practice, citing concerns around electronic surveillance by US state and law enforcement agencies.
RiskBusiness’s GDPR Equivalency Checker will become part of its Graci governance, risk, audit and compliance solution, which will automate compliance assessment to determine equivalency for a specific jurisdiction and create a list of required measures where jurisdictions are not equivalent.
Mike Finlay, CEO of RiskBusiness, said: “Schrems II creates two distinctly different compliance obligations. Firstly, the need to ensure adequacy or equivalency and to take proactive action where additional safeguards are required; and secondly, maintaining an ongoing audit trail that appropriate checks were completed in advance of transferring EU citizens’ data.”
He added that the cost of data compliance for European companies continues to grow.