The impact of the Schrems II judgment is significant and requires international companies to think hard about their transfers of personal data from the EU. The decision in Schrems II and subsequent guidance has indicated companies need to carry out an assessment of the level of privacy protection in countries outside the EU and where necessary put in place supplementary measures.

Read the insight: Privacy earthquake - GDPR compliance for US companies post-Schrems II

Fallout from the Schrems II Judgment

OneTrust DataGuidance was joined by Sidley and industry speakers for a webinar considering the latest guidance on Schrems II from both European and U.S. authorities and examining how to deal with international data transfers going forward, including the form of assessment now required and updating standard contractual clauses. Sujit Raman, who has just joined Sidley’s Privacy and Cybersecurity practice, also joined the panel. Sujit was previously the Associate Deputy Attorney General at the U.S. Department of Justice (DOJ) and was instrumental in the U.S. government’s Schrems white paper.

Key takeaways included:

• Initial reaction to the EDPB’s newly adopted recommendations  
• Understanding the latest EU and U.S. guidance and its requirements for data transfers from the EU  
• Reviewing what kind of Schrems II assessment should be carried out on data transfers from the EU including to the U.S.  
• Looking at the latest position on the use of standard contractual clauses 

Further Schrems II Judgement Resources

• OneTrust DataGuidance Webinar: Schrems II - Live Reaction and Analysis 
• OneTrust DataGuidance Video: EDPB Schrems II Guidance: What You Need To Know 
• OneTrust DataGuidance Insight: Practical steps post-Schrems II - Reconciling theory with reality 
• OneTrust DataGuidance Blog: The Definitive Guide to Understanding Schrems II 

Watch the Schrems II Fallout webianr above and follow OneTrust DataGuidance on LinkedIn to keep up to date with upcoming webinars, insights, and more.