On July 24, 2020, the European Data Protection Board (the “EDPB”) published Frequently Asked Questions (the “FAQs”) on the judgment of the Court of Justice of the European Union (the “CJEU”) in the Schrems II case (case C-311/18).
In its judgment, handed down on July 16, 2020 (ACS Blog Summary) the CJEU upheld the validity of the Standard Contractual Clauses (the “SCCs”) the European Commission issued to support the lawful transfer of personal data to data processors outside of the EU. At the same time, it struck down the EU-U.S. Privacy Shield framework. The FAQ responds to some of the many questions the Schrems II ruling raises:
The Schrems II ruling changes the regulatory climate, heightens scrutiny, and alters how you comply with GDPR when making data transfers. To assist you in sorting through the implications of the Schrems II ruling for your company’s data transfer practices, click below for the EDPB FAQs, and our webinar on the Schrems II ruling.
To download the EDPB FAQs click here.
To view, the Schrems II ruling click here
We invite you to a 30-minute consultancy to discuss your specific challenges in complying with GDPR post the Schrems II ruling. We can support you in assessing how to mitigate the compliance risk of your existing data transfers strategically, legally, operationally with emphasis on practical solutions.
Achieved Compliance, we make GDPR compliance easy and straight forward.
While bipartisan legislation to establish a federal privacy law in the United States – the American Data Privacy and Protection Act – moves through Congress, the Federal Trade Commission (FTC) has now taken steps to address existing and emerging issues related to commercial data and to consider the possibility of updating requirements.