This week saw the Irish courts rule in another data protection/privacy ruling brought by Max Schrems.  This time is was 'model clauses' that were the target, following past cases that dismantled the Safe Harbour scheme.

The ruling also took aim at some of the features of the Privacy Shield arrangement, which was brought in to replace the Safe Harbour scheme - therefore, this case is not going to be the final chapter of the story.

For companies, it presents continuing uncertainty over how to handle data transfers to the US from Europe and with GDPR around the corner, with its increased demands and punishments, there is much on the "to do" list for companies with trans-Atlantic presence.

The first step in considering how to approach this, beyond the obvious legal advice, is for companies to fully understand how and where they process data - as without this, the full impact of this judgement and GDPR cannot be certain.  It is not something that should be taken lightly!