On the 16th of July 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield in the Schrems II case, making most EU-US data transfers illegal overnight. The Court has also provided clarification on some extensive hurdles for using its most obvious alternative, Standard Contractual Clauses (SCC).
With 88% of organisations sharing data outside the EU relying on model contracts to ensure safe processing. The EDPB further highlighted that the Schrems II judgment applies to other transfer mechanisms as well, making the load on organisations even heavier.
In response to the case, on 11 November 2020, The European Data Protection Board (EDPB) announced that it had adopted two recommendations. One with a step-by-step plan and measures that supplement transfer tools such as SCC to ensure compliance with the EU level of protection of personal data. The other on European Essential Guarantees (EEGs) - standards to ensure that national surveillance measures would not inappropriately impede upon the rights to privacy during international data transfers.
Explanations and practical insight into the new EDPB recommendations
PrivacyPerfect aims to clarify the recommendations and give you practical insight on how to keep your data transfers compliant.
Click on the following link for our 6-step roadmap for compliant data transfers
Map Processing Activities with the PrivacyPerfect Processing Inventory
Easily map out and inventory the flow of personal data being transferred outside and inside the EU.
See exactly how data flows via auto-generated reports & visualisations
Identify and evaluate transfers & mechanisms
Identify and leverage auto-generated reports based on which recipients use Privacy Shield or SCCs
Evaluate which organisations receive personal data from you, and where they are located
Effortlessly pinpoint and document which recipients are in countries outside the EU
Assess the actual protection of personal data in a country without an adequate level of data protection with our built-in Transfer Impact Assessment
Linked with the Standard Contractual Clauses (SCC)
Risks are automatically identified
Based on a five step process with an embedded scoring mode similar to the process referenced in the EDPB Recommendations
Centralise the TIAs along with the rest of your privacy records.
Interested in GDPR and Data Privacy?
Sign up to our weekly newsletter to keep up with the news on the data privacy industry, enjoy our expert analysis on our blog, or check out our social media streams for all happenings around data protection.