A-Team Insight Blogs

OneTrust Launches Schrems II Solutions After Landmark EU Judgement

Share article

The landmark decision in July from the Court of Justice of the European Union (CJEU) on Schrems II has changed the way that organisations must manage personal data transfers – creating a whole raft of new challenges that firms must urgently address. To legally transfer personal data from the EU to a third country, it must now be shown that the recipient country and company have an equivalent level of data protection to that of GDPR. This means that the most common mechanism for US data transfers, the EU-US Privacy Shield, is essentially invalidated  – and while Standard Contractual Clauses (SSCs) are still usable in theory, that must be evaluated on a case-by-case basis.

The European Data Protection Board (EDPB) recently issued new FAQs on the invalidation of the Privacy Shield, and the wider implications that this may carry for firms seeking to transfer personal data outside of the EU. Although the European Commission is currently working on further guidance, the EDPB have recommended that firms must urgently conduct a risk assessment as to whether their current SSCs provide enough protection within the local legal framework, while the UK’s Information Commissioner’s Office (ICO) has warned firms that they should: “take stock of the international transfers you make and react promptly as guidance and advice becomes available.”

In response, AI-powered data privacy and compliance platform OneTrust this week launched a range of free Schrems II solutions to help organisations respond to the new operational and data challenges posed by the recent ruling. In particular, they are designed to help firms identify existing data transfers and mechanisms, use pre-built templates to assess the validity of those relying on SCCs, and manage any required contract updates and vendor changes. They also seek to help processors implement holistic privacy programs, track guidance on compensating controls for GDPR equivalency, and implement those controls as they are identified.

“The Schrems II ruling presents a brand-new set of challenges and we want to help our customers adapt their processes to continue to transfer personal data in line with the law,” says Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP).

Related content

WEBINAR

Recorded Webinar: How to turn data lineage from a regulatory response into a business advantage

Regulatory initiatives increasingly require firms to put in place robust data lineage frameworks to aid in understanding the workings behind reported values. But data lineage can add business value beyond regulatory compliance. As they move to automate data lineage processes by incorporating metadata management into their frameworks, firms can start to benefit from enhanced data...

BLOG

FeedStock Joins Red Hat Container Ecosystem

AI-driven data analytics platform Feedstock has completed Red Hat Container certification for its FeedStock Connector and has been published in the Red Hat Ecosystem Catalog. The certification enables FeedStock to use Red Hat’s container registry and deploy Red Hat certified containers in FeedStock’s client environments, enabling frictionless deployment at scale of its automated data management solutions....

EVENT

Data Management Summit USA Virtual

Data Management Summit USA Virtual will explore how sell side and buy side financial institutions are navigating the global crisis and adapting their data strategies to manage in today’s new normal environment.

GUIDE

Entity Data Management Handbook – Sixth Edition

High-profile and punitive penalties handed out to large financial institutions for non-compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations have catapulted entity data management up the business agenda. So, too, have industry and government reports on the staggering sums of money laundered on a global basis. Less apparent, but equally important, are...