Schrems II: Personal Data Transfer Concerns with Your Processors
In the Schrems II case, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield as a lawful mechanism to transfer personal data from the EU to the U.S. under the General Data Protection Regulation. Although the Privacy Shield is no longer a lawful transfer mechanism, the CJEU upheld the use of Standard Contractual Clauses (SCCs) as valid mechanisms. However, organizations relying, or intending to rely, on SCCs, as well as Binding Corporate Rules (BCRs), to transfer personal data from the EU to third countries face legal uncertainty, because they must assess the adequacy of data protection in those other countries.
So, what are organizations doing to address personal data transfer concerns when working with processors? In this webinar, you’ll learn how:
- Leading organizations are navigating the CJEU’s invalidation of the EU-US Privacy Shield in Schrems II
- Organizations should manage their personal data flows from the EU to third countries in the next 30, 60, and 90 days in light of Schrems II
- Organizations can use Privacy Risk Exchanges to reduce personal data transfer risks