The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

OneTrust Launches Schrems II Solutions After Landmark EU Judgement

The landmark decision in July from the Court of Justice of the European Union (CJEU) on Schrems II has changed the way that organisations must manage personal data transfers – creating a whole raft of new challenges that firms must urgently address. To legally transfer personal data from the EU to a third country, it must now be shown that the recipient country and company have an equivalent level of data protection to that of GDPR. This means that the most common mechanism for US data transfers, the EU-US Privacy Shield, is essentially invalidated  – and while Standard Contractual Clauses (SSCs) are still usable in theory, that must be evaluated on a case-by-case basis.

The European Data Protection Board (EDPB) recently issued new FAQs on the invalidation of the Privacy Shield, and the wider implications that this may carry for firms seeking to transfer personal data outside of the EU. Although the European Commission is currently working on further guidance, the EDPB have recommended that firms must urgently conduct a risk assessment as to whether their current SSCs provide enough protection within the local legal framework, while the UK’s Information Commissioner’s Office (ICO) has warned firms that they should: “take stock of the international transfers you make and react promptly as guidance and advice becomes available.”

In response, AI-powered data privacy and compliance platform OneTrust this week launched a range of free Schrems II solutions to help organisations respond to the new operational and data challenges posed by the recent ruling. In particular, they are designed to help firms identify existing data transfers and mechanisms, use pre-built templates to assess the validity of those relying on SCCs, and manage any required contract updates and vendor changes. They also seek to help processors implement holistic privacy programs, track guidance on compensating controls for GDPR equivalency, and implement those controls as they are identified.

“The Schrems II ruling presents a brand-new set of challenges and we want to help our customers adapt their processes to continue to transfer personal data in line with the law,” says Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP).

Related content

WEBINAR

Recorded Webinar: Evolution of data management for the buy-side 2021

The buy-side faced a barrage of regulation in 2020 and is now under pressure to make post-Brexit adjustments and complete LIBOR transition by the end of 2021. To ensure compliance and ease the burden of in-house data management, many firms turned to outsourcing and managed services. But there is more to come, as buy-side firms...

BLOG

Blackmore Capital’s Collaboration with OTCfin Completes Integration of ESG Factors into Investment Process

Blackmore Capital, a Melbourne-based asset manager set up in 2018, and New York-based OTCfin have completed the integration of ESG factors with financial data for all Blackmore portfolios. By incorporating ESG factors into Blackmore’s investment process, OTCfin’s risk and regulatory reporting solution will help the asset manager’s team improve portfolio monitoring from both a financial...

EVENT

RegTech Summit Virtual

The RegTech Summit Virtual is a global online event that brings together an exceptional guest speaker line up of RegTech practitioners, regulators, start-ups and solution providers to collaborate and discuss innovative and effective approaches for building a better regulatory environment.

GUIDE

ESG Handbook 2021

A-Team Group’s ESG Handbook 2021 is a ‘must read’ for all capital markets participants, data vendors and solutions providers involved in Environmental, Social and Governance (ESG) investing and product development. It includes extensive coverage of all elements of ESG, from an initial definition and why ESG is important, to existing and emerging regulations, data challenges...