The decision creates significant uncertainty for organizations who rely on Safe Harbor either for their own, internal data transfers, or because they use a service provider which, in turn, relies on Safe Harbor to provide adequacy for its transfers to the US. Alternative methods of addressing data transfers will be needed – such as implementing EU Commission approved data transfer agreements, or obtaining individual consent. Although the decision has invalidated Safe Harbor – with immediate effect – organizations will need to look to the reactions of national data protection authorities to determine how urgently to implement alternative data transfer solutions.