- EDPB guidance on ensuring compliance for international data transfers following Schrems II
- What are the key points from the recommendations?
- The (devil is in the) detail
- What do the recommendations say about supplementary measures?
- Types of supplementary measure
- Procedural steps relating to supplementary measures
- What do the recommendations say about data in transit?
- How helpful is the new guidance in practice?
Information Law analysis: The judgment from the Court of Justice in Data Protection Commissioner v Facebook Ireland Ltd, Maximillian Schrems, Case C-311/18 (commonly known as ‘Schrems II’) raised the bar for transfers of personal data to third countries under the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) by making clear that where Standard Contractual Clauses (SCCs) and other appropriate safeguards are being used, a level of due diligence needs to take place before any transfer can be made. This is to ensure that personal data originating in the EEA always carries with it protections which are essentially equivalent to those in the EEA. To help data exporters in that assessment, the European Data Protection Board (EDPB) has now issued guidance (Recommendations 01/2020) on how to carry out the due diligence exercise in practice and the supplementary measures which can be used to help achieve compliant transfers. Miriam Everett, partner and head of Data Protection and Privacy and Hannah Brown, associate, Digital, TMT, Sourcing and Data of Herbert Smith Freehills explain the new guidance.
Sign in or take a trial to read the full analysis.
To continue reading this news article, as well as thousands of others like it, sign in to LexisPSL or register for a free trial