Businesses involved in the trans-Atlantic transfer of personal data can breath slightly easier after the new EU-US Privacy Shield was approved by EU governments.
Much debated in recent months, it nevertheless represents a quite dramatic path from the need arising, to drafting, to approval - just over 9 months. This perhaps highlights how important it was for industry and business for new rules to be adopted that would provide a route to legitimise and protect these transfers after the Safe Harbour rules were ruled unlawful in October last year.
Doubts still remain in some quarters about just how effective the new rules will be and whether they went far enough (some were calling for the US to pass legislation specifically protecting these transfers). On that front only time will tell.
As a nod to those concerns though, one of the key hurdles in recent weeks was the potential for mass surveillance and that appears to have been addressed to a degree in the accepted rules (not as far as some would like, granted).
For now businesses have what they needed. They'll just need to check processes, procedures and contracts to make sure that any requirements under the new rules are met.
Oh, and keep an eye on the Brexit discussions. This will now be added to the list of things we need to sort out if/when we step out of the EU.
The Privacy Shield pact states that data stored in the US about EU citizens must be given "equivalent" protection by law to what it would receive if stored in the EU.