On November 6, 2015, the EU Commission released its guidance for businesses relating to the EU safe harbor.

The commission indicated that since the invalidation of the safe harbor framework, it has “stepped up” talks with the U.S. regarding transfer of data from the EU to the U.S. but acknowledged that global companies were seeking guidance on how to proceed.

The guidance follows the statement made by the Article 29 Working Party (see related post) and acknowledges the goal of having a new framework in place by January 31, 2016, but indicating that the DPAs have authority to enforce improper data transfers.

Meanwhile, the Polish DPA issued a statement last week that referred to the Statement of the Article 29 Working Party indicating that, in the event that no appropriate solution is found with the U.S. authorities by the end of January 2016, and depending upon an assessment of the transfer tools by the Article 29 Working Party, the EU data protection authorities will take all necessary and appropriate actions, which may include coordinated enforcement actions.