The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

OneTrust Launches Schrems II Solutions After Landmark EU Judgement

The landmark decision in July from the Court of Justice of the European Union (CJEU) on Schrems II has changed the way that organisations must manage personal data transfers – creating a whole raft of new challenges that firms must urgently address. To legally transfer personal data from the EU to a third country, it must now be shown that the recipient country and company have an equivalent level of data protection to that of GDPR. This means that the most common mechanism for US data transfers, the EU-US Privacy Shield, is essentially invalidated  – and while Standard Contractual Clauses (SSCs) are still usable in theory, that must be evaluated on a case-by-case basis.

The European Data Protection Board (EDPB) recently issued new FAQs on the invalidation of the Privacy Shield, and the wider implications that this may carry for firms seeking to transfer personal data outside of the EU. Although the European Commission is currently working on further guidance, the EDPB have recommended that firms must urgently conduct a risk assessment as to whether their current SSCs provide enough protection within the local legal framework, while the UK’s Information Commissioner’s Office (ICO) has warned firms that they should: “take stock of the international transfers you make and react promptly as guidance and advice becomes available.”

In response, AI-powered data privacy and compliance platform OneTrust this week launched a range of free Schrems II solutions to help organisations respond to the new operational and data challenges posed by the recent ruling. In particular, they are designed to help firms identify existing data transfers and mechanisms, use pre-built templates to assess the validity of those relying on SCCs, and manage any required contract updates and vendor changes. They also seek to help processors implement holistic privacy programs, track guidance on compensating controls for GDPR equivalency, and implement those controls as they are identified.

“The Schrems II ruling presents a brand-new set of challenges and we want to help our customers adapt their processes to continue to transfer personal data in line with the law,” says Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP).

Related content

WEBINAR

Recorded Webinar: Managing the transaction reporting landscape post Brexit: MiFID II, SFTR, EMIR

The transaction reporting landscape has, for many financial institutions, expanded considerably in size since the end of the UK’s Brexit transition period on 31 December 2020 and the resulting need for double reporting of some transactions to both EU and UK authorities. It has also changed dramatically following the UK government’s failure to reach equivalence...

BLOG

Global LEI Foundation Aims to Accelerate LEI Adoption by Slashing Prices of the Identifiers to Single Digit Dollars

The Global LEI Foundation (GLEIF) is planning to tear down the cost barrier obstructing widespread adoption of the LEI with the implementation of a validation agent role for banks and financial institutions. Expectations are that frequently contended high prices charged to register an entity for an LEI – by way of example Bloomberg charges $65...

EVENT

RegTech Summit APAC

RegTech Summit APAC will explore the current regulatory environment in Asia Pacific, the impact of COVID on the RegTech industry and the extent to which the pandemic has acted a catalyst for RegTech adoption in financial markets.

GUIDE

Regulatory Data Handbook 2020/2021 – Eighth Edition

This eighth edition of A-Team Group’s Regulatory Data Handbook is a ‘must-have’ for capital markets participants during this period of unprecedented change. Available free of charge, it profiles every regulation that impacts capital markets data management practices giving you: A detailed overview of each regulation with key dates, data and data management implications, links to...