Schrems II Fallout - Dealing With International Transfers Post-Schrems II & Reaction to the EDPB's Recommendations
The impact of Schrems II is significant and requires international companies to think hard about their transfers of personal data from the EU. The decision in Schrems II and subsequent guidance has indicated companies need to carry out an assessment of the level of privacy protection in countries outside the EU and where necessary put in place supplementary measures.
OneTrust DataGuidance was joined by Sidley and industry speakers for a webinar considering the latest guidance on Schrems II from both European and U.S. authorities and examining how to deal with international data transfers going forward, including the form of assessment now required and updating standard contractual clauses. Sujit Raman, who has just joined Sidley’s Privacy and Cybersecurity practice, also joined the panel. Sujit was previously the Associate Deputy Attorney General at the U.S. Department of Justice (DOJ) and was instrumental in the U.S. government’s Schrems white paper.
Key takeaways included:
- Initial reaction to the EDPB’s newly adopted recommendations
- Understanding the latest EU and U.S. guidance and its requirements for data transfers from the EU
- Reviewing what kind of Schrems II assessment should be carried out on data transfers from the EU including to the U.S.
- Looking at the latest position on the use of standard contractual clauses