BRUSSELS (Reuters) - Discussions on a new data transfer pact with the United States should be concluded within three months, the European Commission said on Friday, after a top European Union court struck down the previous agreement on concerns over American spying.

The highest EU court last month ruled that Safe Harbour, a system that for 15 years has helped companies to avoid cumbersome checks to transfer Europeans’ data between offices on both sides of the Atlantic, did not sufficiently protect EU citizens because U.S. authorities had bulk access to the data on national security grounds.

Washington and Brussels have now stepped up negotiations, having been locked in talks to strengthen Safe Harbour after the 2013 revelations of mass U.S. surveillance programmes.

“We need an agreement with our U.S. partners in the next three months,” European Commission Vice-President Andrus Ansip said.

The Commission also issued guidance on Friday to businesses caught out by the ruling about how they could legally continue to transfer Europeans’ data to the United States.

Businesses can use so-called standard contractual clauses or binding corporate rules to transfer data, as well as asking consumers for their consent.

European data protection regulators gave companies a three-month grace period to put in place these alternative mechanisms.

U.S. and EU companies, from Google GOOGL.O to Microsoft MSFT.O, shuffle personal data across the Atlantic on a daily basis, whether it is employee data for multinationals whose human resources functions are in the United States, or user data collected by internet companies for use in the billion-dollar online advertising market.

The Safe Harbour system allowed companies to self-certify that they complied with EU privacy law when transferring EU citizens’ personal data to countries deemed to have insufficient safeguards, which include the United States.

But it came under fire after former U.S. National Security Agency contractor Edward Snowden revealed that U.S. spies harvested Europeans' private information directly from big technology companies such as Apple AAPL.O, Facebook FB.O and Google.

The European Commission demanded guarantees from Washington that the United States would access Europeans’ data only on a targeted basis, something which has held up talks for two years.

“We need a bulletproof solution,” Ansip said, reflecting concerns among officials that a new agreement could again be challenged in court.

EU Justice Commissioner Vera Jourova will travel to Washington next week to continue discussions on a new framework.

“The court ruling is our benchmark in our talks with the United States,” Jourova said at a news conference.

“It is now for the U.S. to come back with their answers.”