作者
Valerie Aumage

Valérie Aumage

合伙人

Read More
作者
Valerie Aumage

Valérie Aumage

合伙人

Read More

2020年11月19日

Data transfers: new tools and new requirements

  • Quick read

Following the CJUE’s ruling in Schrems II, data transfers to the US can no longer be based on the Privacy Shield.

In addition, each data transfer to a third country based on GDPR “appropriate safeguard” (including standard contractual clauses (SCCs) and binding corporate rules (BCRs) must be individually assessed and documented to demonstrate that the law or practice of the third country does not impinge on the effectiveness of the safeguards the parties are relying on. The EDPB published practical recommendations to that end.

These new requirements apply to data transfers to the US, the UK after Brexit (ie from 1 January 2021) and, more generally, to any third country with no adequacy decision.

At the same time, SCCs are being entirely redesigned. Companies using SCCs will therefore need to update them.

The reality check

  • Are data transfers outside the EU (including to the US or the UK after Brexit) clearly identified?
  • Which transfer tools are currently used (SCCs, BCRs, Privacy Shield, adequacy decision…)?
  • Are these tools still appropriate?
  • If not, what is the roadmap for changing them or updating them (update of the SCCs, alternatives to the Privacy Shield, assessment of the law of third countries where data is transferred, implementation of supplementary measures…)?

Taylor Wessing can provide support

  • Audit your specific situation and implement a pragmatic action plan.
  • Choose the right transfer tools or applicable exceptions.
  • Assess and document the effectiveness of SCCs or BCRs in light of the law of the third country where data are transferred.
  • Where applicable, determine and implement the required supplementary measures to ensure an adequate level of protection of transferred data.
  • Identify transfers which can or must be based on the new SCCs, and so much more.

 

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

信息技术

Remote work: how to comply from a data privacy standpoint?

2020年12月7日
Quick read

作者 Valérie Aumage

点击此处了解更多
信息技术

Newsletter IT - Data Privacy n° 2

2020年11月23日
In-depth analysis

作者 Valérie Aumage

点击此处了解更多
数据保护与网络

Cookies and trackers: it is not too late to comply

2020年11月19日
Quick read

作者 Valérie Aumage

点击此处了解更多