𝗦𝗰𝗵𝗿𝗲𝗺𝘀 𝗜𝗜 𝗶𝗺𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻𝘀 𝗲𝗮𝘀𝗶𝗹𝘆 𝗲𝘅𝗽𝗹𝗮𝗶𝗻𝗲𝗱: summary flowchart

In last week pills I shared the full Schrems II decision which invalidates the #PrivacyShield

The judgment has important implications for companies transferring data outside the EU, and potentially on service contracts with non-EU suppliers, in particular contracts for the provision of IT services which provide for the possibility for suppliers’ staff outside Europe to access the data, even if hosted in databases within the European territory.

However, as many struggle to districate within the 63 pages of the CJEU decision to identify what are the actual consequences for their contracts and what happens to the Standard contractual clauses (SCC) which they have in place, here’s a synthetic #flowchart which answers some of the Key FAQs on Scherms II implications.

Shoot me a message for the pdf file

This is just an example of how legal concepts can be made easy, and, as always, make sure to consult your legal advisor to have the full picture.
You can access the full Supervisory Authority FAQs which I used as source here.

We have already been kept really busy this week, and another hot topic we tackled is whether access from foreign personnel to EU databases constitutes a data transfer.

To help organizations identify and manage the privacy risks associated with the transfer of personal data regulated by GDPR to third countries that do not benefit from an adequacy decision by the European Commission, the law firm which I work with has developed an ad-hoc methodology, aligned with the requirements of European legislation following the Schrems II judgment. The methodology provides a basis for exporters and importers of data to assess safeguard measures, taking into account a number of factors, in order to calculate the level of risk of each transfer, and to provide an accurate, consistent, verifiable and defensible basis to support a case-by-case decision to proceed or continue a given transfer. Contact me if you wish to know more.

Get ready to negotiate with your non-EU counter-parties.