The US "privacy shield" was an agreement between the EU and the US designed to protect data being transferred between the two jurisdictions.

However, the European Court of Justice (ECJ) has struck down the privacy shield as invalid. Burges Salmon's coverage of the judgement can be found here:

The key question for trustees with US beneficiaries or other connections in the US will be "what does this mean for us?".

The short answer is that most trustees, even those with US connections, should not be affected. To the extent that trustees are subject to the GDPR, arguably they can rely upon Article 49(1)(e) for most international data transfers outside of the EEA. That article allows data transfers where they are "necessary for the establishment, exercise or defence of legal claims". 

Our view ( is that any processing by a trustee which is necessary to comply with their fiduciary duties would satisfy the criteria for being necessary for the establishment, exercise or defence of legal claims.

Therefore, provided that trustees are only transferring personal data to the US in accordance with their fiduciary duties, the validity or otherwise of the privacy shield should not be a concern.

A more substantive issue for trustees in the context of international data transfers is the potential need to comply with two separate versions of the GDPR (a UK version and an EU version) when the Brexit transition period comes to an end this year. We can assist any trustees currently considering the implications of this for their operations.