Dariusz Czuchij of Dentons writes:
The Polish DPA has recently issued a statement to the effect that all companies which previously relied on Safe Harbor program must be able to demonstrate a valid legal basis – as set out in the Polish Data Protection Act – to legally transfer personal data to the USA.
In the view of the DPA, the ‘grace period’ (lasting until the end of January 2016) mentioned in the recent statement of the A29 Working Party does not allow data controllers to transfer personal data to the USA without meeting at least one of the legal prerequisites set out in the Polish Data Protection Act (i.e. consent, performance of a contract, etc.)
The ‘grace period’, in the opinion of the Polish DPA, should be treated as the maximum point in time until which the data protection authorities of the Member States, as a rule, will not initiate steps to enforce implementation of the Schrems’ judgment.
Read more on Lexology.