On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield. More information on the ruling may be found here. As a Privacy Shield member and certification holder, Firstup has reviewed the ruling and decisions made thus far by the court.

To ensure that our customers can lawfully transfer personal data to Firstup from outside of the European Economic Area, we provide adequate protection through a series of intercompany agreements based on the Standard Contractual Clauses (SCCs) authorized under EU law. Firstup understands and agrees to enter into the standard contractual clauses as they relate to privacy and personal data protection subject to GDPR. The clauses are standard and are non-negotiable by either party.

Customer Impact

Current customers have the right to review their contract with Firstup to ensure the standard contractual clauses are in place. Should agreements need to be modified to reflect the new ruling, the Firstup compliance and legal team will work with the customer’s legal team to make appropriate updates. Firstup is reviewing agreements to determine if additional agreements (SCCs) are needed. As more information is released from the court, Firstup will continue to review and make proper adjustments. Additional communication will be issued as needed.

Data Protection and Security

Firstup continues to commit to keeping customer data, including personal data, protected and secured. We maintain compliance with the General Data Protection Regulation (GDPR). Furthermore, Firstup is ISO 27001 certified and maintains SOC 2 Type II compliance, showing that security controls are in place to protect all data that Firstup processes. 

If you have questions, please reach out to your Firstup Account Executive or Customer Success Manager.