The PrivacyPerfect Solution for Schrems II

On the 16th of July 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield in the Schrems II case, making most EU-US data transfers illegal overnight. The Court has also provided clarification on some extensive hurdles for using its most obvious alternative, Standard Contractual Clauses (SCC). 

With 88% of organisations sharing data outside the EU relying on model contracts to ensure safe processing. The EDPB further highlighted that the Schrems II judgment applies to other transfer mechanisms as well, making  the load on organisations even heavier.

In response to the case, on 11 November 2020, The European Data Protection Board (EDPB) announced that it had adopted two recommendations. One with a step-by-step plan and measures that supplement transfer tools such as SCC to ensure compliance with the EU level of protection of personal data. The other on European Essential Guarantees (EEGs) - standards to ensure that national surveillance measures would not inappropriately impede upon the rights to privacy during international data transfers.


How PrivacyPerfect can help

PrivacyPerfect empowers organisations with customisable and scalable solutions for responding to the Schrems II ruling, ensuring compliance with the GDPR. Headquartered in the EU, we store all user data in the Netherlands, are ISO27001-certified and only use reliable parties for our services.


Explanations and practical insight into the new EDPB recommendations

PrivacyPerfect aims to clarify the recommendations and give you practical insight on how to keep your data transfers compliant.

Click on the following link for our 6-step roadmap for compliant data transfers


Map Processing Activities with the PrivacyPerfect Processing Inventory

Easily map out and inventory the flow of personal data being transferred outside and inside the EU.
See exactly how data flows via auto-generated reports & visualisations

PP_icons_18 (1)

Identify and evaluate transfers & mechanisms

Identify and leverage auto-generated reports based on which recipients use Privacy Shield or SCCs
Evaluate which organisations receive personal data from you, and where they are located
Effortlessly pinpoint and document which recipients are in countries outside the EU


Assess the actual protection of personal data in a country without an adequate level of data protection with our built-in Transfer Impact Assessment

Linked with the Standard Contractual Clauses (SCC)
Risks are automatically identified
Based on a five step process with an embedded scoring mode similar to the process referenced in the EDPB Recommendations
Centralise the TIAs along with the rest of your privacy records.


Assess Recipients Relying on SCCs

Review whether the data transferred to recipients has sufficient protection
Painlessly record or upload the outcomes of your assessment in PrivacyPerfect's registers 

Example Letters:

Interested in GDPR and Data Privacy?

Sign up to our weekly newsletter to keep up with the news on the data privacy industry, enjoy our expert analysis on our blog, or check out our social media streams for all happenings around data protection.


Subscribe now and stay up to date with everything around GDPR and data privacy.


Read expert analyses and guidance on the latest trends related to privacy and data protection.

Social media

Follow us on Linkedin and Twitter for all information about PrivacyPerfect and the GDPR.