After the ECJ ruling on the removal of the US-EU Privacy Shield

Tobbias Schloemer
Jul 20, 2020 8:21:34 PM

What companies now have to consider when it comes to data security and software use

Thought Leader Systems offers EU companies rapid risk assessment and redress

Hattersheim, July 20th 2020 +++ A data transfer based on the EU-US data protection agreement (Privacy Shield) is not compatible with data protection in the EU. The ruling of the European Court of Justice (ECJ) on 16 July 2020 means that companies now face the challenge of making their data flows secure and legally compliant with immediate effect - otherwise there is a violation of the European General Data Protection Regulation (EU-GDPR). The consulting and service company Thought Leader Systems is therefore offering companies a security check of their existing software tools with immediate effect. Software in marketing, sales and customer service that is not legally compliant can be quickly exchanged and data migrated by Thought Leader Systems.

Not surprisingly, the ECJ has declared the Privacy Shield to be ineffective. According to the judges, the informal data protection agreement that was negotiated between the European Union and the USA from 2015 to 2016 does not guarantee an adequate level of data protection. Data transmission and storage in third countries, such as the USA, is from now on only legally compliant if an adequate level of data protection is ensured in the respective country. As far as the USA is concerned, the ECJ judges are not convinced of this. This is because, according to American law, the US government can access the information at will.

It is unclear how the personal data of EU citizens will be protected in future when they are transferred to the USA. One thing is certain: from now on, many data transfers are illegal if the data transfer is based solely on the Privacy Shield. In such cases, supervisory authorities are required to issue a ban in individual cases if there are indications of a violation of the European General Data Protection Regulation (EU-GDPR).

Thought Leader Systems has received statements from leading American manufacturers of marketing software (marketing automation) and sales software (CRM systems). Only a few manufacturers refer to concrete data protection agreements legitimized by the EU. In contrast, many manufacturers refer to the so-called Standard Contractual Clauses (SCC). The European Commission prescribes such standard contracts in which the data importer, such as a SaaS company in the USA, accepts the regulations applicable in the EU. This would then include Article 4 of the EU-GDPR which states that personal data may not be disclosed without authorisation - but this is more than uncertain when American authorities gain access.

According to EU standard contract clauses, the American software provider and its European customer are jointly and severally liable for any breaches of data protection. In addition, the customer must also check "whether the required level of data protection can be maintained in the target country". How this is to be achieved remains open. No wonder that data protection commissioners in various German states are calling on EU companies to bring their data from the USA to Europe.

Some companies are prepared - others are not
"Especially those companies using SaaS (Software-as-a-Service) software from the USA for the storage of personal data are exposed to the risk of violating EU data protection regulations as a result of the ECJ decision," says Dr. Tobbias Schloemer. For this reason, the Managing Director of the IT and consulting company Thought Leader Systems has been in dialogue with well-known software manufacturers for years: "We have discussed precisely these problems in confidential talks. It was clear to all of us that the Privacy Shield is only on shaky ground. Many manufacturers have already made sure that the data transfer is legally compliant," says Schloemer: "Others, however, are not yet ready. I expect a rapid market shakeout here - especially in the enterprise segment."
It is important that companies now check whether the European data protection standards are being observed with regard to the handling of their personal data, no matter whether it is marketing automation, CRM software, service hubs or a customer data platform. Otherwise there is a risk of fines and injunctions in the worst case.

Thought Leader Systems now offers EU companies the opportunity to quickly check whether their data transfer and the software they use in areas such as marketing, sales and customer service violate the law. If it turns out that the tools used will not be in compliance with the EU-GDPR in the future, Thought Leader Systems provides recommendations on how companies can best switch to secure software products and data security concepts and, if desired, accompanies upcoming data migrations and software implementations.

Data often lies idle
Although most companies are already paying attention to how they handle their personal data, the ECJ decision means that everything must now be put to the test again. "That is a pity. Because most companies are already working to full capacity with the handling of their data. And the mere existence of the information does not yet help them to use it in a value-adding way," Schloemer knows. The data is migrated - in compliance with the law - into some systems, where it simply lies idle. But the actual sense and purpose is lost. Basically, the information is to be used to create added value for the company and ultimately for the customer, says Schloemer: "Digitalization is therefore unfortunately often just an empty phrase. Companies forget to use the data and thus align their processes with the customer. Or they don't get around to it at all."
In order for companies to tap this source of growth, business model, processes, technology, customer relationships and data protection must be digitally optimized and seamlessly coordinated. This requires the right strategy and system architecture, holistic business processes and innovative customer management.

About Thought Leader Systems GmbH
The consulting and service company Thought Leader Systems supports its customers in achieving long-term business goals and serves as a central point of contact for their marketing, sales and IT requirements. The Hattersheim-based company offers the entire "stack" of marketing automation solutions and inbound marketing - from business consulting and technical implementation to training and running business support. With the support of Thought Leader Systems, companies can develop new markets and target groups, maximize market share and promote customer loyalty.

You will find further information and picture material at

Thought Leader Systems GmbH 
Philipp-Reis-Straße 4 
65795 Frankfurt/Hattersheim 

Press contact

Sabine Jobstmann

phone: +49 6190 9747 – 316

mobile: +49 172 / 1684080