19. November 2020

Data transfers: new tools and new requirements

  • Quick read

Following the CJUE’s ruling in Schrems II, data transfers to the US can no longer be based on the Privacy Shield.

In addition, each data transfer to a third country based on GDPR “appropriate safeguard” (including standard contractual clauses (SCCs) and binding corporate rules (BCRs) must be individually assessed and documented to demonstrate that the law or practice of the third country does not impinge on the effectiveness of the safeguards the parties are relying on. The EDPB published practical recommendations to that end.

These new requirements apply to data transfers to the US, the UK after Brexit (ie from 1 January 2021) and, more generally, to any third country with no adequacy decision.

At the same time, SCCs are being entirely redesigned. Companies using SCCs will therefore need to update them.

The reality check

  • Are data transfers outside the EU (including to the US or the UK after Brexit) clearly identified?
  • Which transfer tools are currently used (SCCs, BCRs, Privacy Shield, adequacy decision…)?
  • Are these tools still appropriate?
  • If not, what is the roadmap for changing them or updating them (update of the SCCs, alternatives to the Privacy Shield, assessment of the law of third countries where data is transferred, implementation of supplementary measures…)?

Taylor Wessing can provide support

  • Audit your specific situation and implement a pragmatic action plan.
  • Choose the right transfer tools or applicable exceptions.
  • Assess and document the effectiveness of SCCs or BCRs in light of the law of the third country where data are transferred.
  • Where applicable, determine and implement the required supplementary measures to ensure an adequate level of protection of transferred data.
  • Identify transfers which can or must be based on the new SCCs, and so much more.


Call To Action Arrow Image


Wählen Sie aus unserem Angebot Ihre Interessen aus!

Jetzt abonnieren
Jetzt abonnieren

Related Insights


Remote work: how to comply from a data privacy standpoint?

7. Dezember 2020
Quick read
Klicken Sie hier für Details
Datenschutz & Cyber-Sicherheit

Global Data Hub - Health data

27. November 2020
Quick read

von mehreren Autoren

Klicken Sie hier für Details

Newsletter IT - Data Privacy n° 2

23. November 2020
In-depth analysis
Klicken Sie hier für Details