Re: European Commission daft – official
Who are these "companies that have relied solely on safe harbor"?
Example - Edmodo. Processes the personal data, educational record, interaction between children and teachers for a significant percentage of UK schools. In my local authority - approaching 100%.
Their policy has _NO_ BCRs and relies solely on safe harbor and they were so incompetent that they tried to rub it today with a marketing blurb notifying the parents with "be a good parent, everything is OK" letter to the customer specifying that you really need to worry their are bound by the safe harbor agreement and data transfer is regulated by it.
If I start digging I will quite a few more - most of them funnily enough in local government, administration, call centers, finance, etc sectors.
The big "cloud" players will be fine as they have policies way beyond safe harbor. All the little guys however...