Where can I find a list of US companies compliant with the GDPR?
ANSWER
The current list of US companies compliant with the GDPR is available on the US Department of Commerce website.
Under current law, businesses planning to transfer personal data to the United States may do so in compliance with regulations by relying on the adequacy decision of 10 July 2023.
In the current legal situation, choosing this option is considerably simpler than using standard contractual clauses. It is sufficient to check the contractor's presence on the US Department of Commerce list and sign an appropriate agreement. By contrast, using contractual clauses requires additional steps, such as a potential transfer impact assessment (TIA) — see our tool: TIA Calculator.
It should, however, be borne in mind that although the EU–US Data Privacy Framework is a convenient transfer option, its future may be subject to change. Previous judgments of the Court of Justice of the European Union (CJEU) show that such changes may take effect from the moment a judgment is issued. Given this, if giving up transfers to the USA is not possible for business reasons, it is worth monitoring any changes in the law. If necessary, one may return to standard contractual clauses (SCC) or other solutions arising from the current legal situation, e.g. from a "Schrems III" judgment or other CJEU decisions.


