EDPB Recommendations to Review International Data Transfers
The Schrems II decision of the Court of Justice of the EU (CJEU) caused quite a stir for organisations that transfer personal data outside the EU. First, the decision invalidated the EU-US Privacy Shield scheme, that was designed to permit transfers between the EU and self-certified organisations in the US. On the other hand, it held that Standard Contractual Clauses (SCC) that had been approved by the European Commission still provide sufficient safeguards, but nevertheless organisations had to assess on a case-by-case basis whether the SCC should be supplemented by additional measures.
The European Data Protection Board (EDPB) has now adopted two recommendations outlining the approach it expects organisations to take when transferring data out of the EU.
Please click below to read our note on the new recommendations adopted by the EDPB.