On July 24, 2020, the European Data Protection Board (the “EDPB”) published Frequently Asked Questions (the “FAQs”) on the judgment of the Court of Justice of the European Union (the “CJEU”) in the Schrems II case (case C-311/18).
In its judgment, handed down on July 16, 2020 (ACS Blog Summary) the CJEU upheld the validity of the Standard Contractual Clauses (the “SCCs”) the European Commission issued to support the lawful transfer of personal data to data processors outside of the EU. At the same time, it struck down the EU-U.S. Privacy Shield framework. The FAQ responds to some of the many questions the Schrems II ruling raises:
The Schrems II ruling changes the regulatory climate, heightens scrutiny, and alters how you comply with GDPR when making data transfers. To assist you in sorting through the implications of the Schrems II ruling for your company’s data transfer practices, click below for the EDPB FAQs, and our webinar on the Schrems II ruling.
To download the EDPB FAQs click here.
To view, the Schrems II ruling click here
We invite you to a 30-minute consultancy to discuss your specific challenges in complying with GDPR post the Schrems II ruling. We can support you in assessing how to mitigate the compliance risk of your existing data transfers strategically, legally, operationally with emphasis on practical solutions.
Achieved Compliance, we make GDPR compliance easy and straight forward.
The European Commission’s announced in December that it has begun its process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework (the Framework). Companies seeking to transfer data from countries in the European Union to the United States will need to take steps to be in alignment with this new change.