A-Team Insight Blogs

OneTrust Launches Schrems II Solutions After Landmark EU Judgement

The landmark decision in July from the Court of Justice of the European Union (CJEU) on Schrems II has changed the way that organisations must manage personal data transfers – creating a whole raft of new challenges that firms must urgently address. To legally transfer personal data from the EU to a third country, it must now be shown that the recipient country and company have an equivalent level of data protection to that of GDPR. This means that the most common mechanism for US data transfers, the EU-US Privacy Shield, is essentially invalidated  – and while Standard Contractual Clauses (SSCs) are still usable in theory, that must be evaluated on a case-by-case basis.

The European Data Protection Board (EDPB) recently issued new FAQs on the invalidation of the Privacy Shield, and the wider implications that this may carry for firms seeking to transfer personal data outside of the EU. Although the European Commission is currently working on further guidance, the EDPB have recommended that firms must urgently conduct a risk assessment as to whether their current SSCs provide enough protection within the local legal framework, while the UK’s Information Commissioner’s Office (ICO) has warned firms that they should: “take stock of the international transfers you make and react promptly as guidance and advice becomes available.”

In response, AI-powered data privacy and compliance platform OneTrust this week launched a range of free Schrems II solutions to help organisations respond to the new operational and data challenges posed by the recent ruling. In particular, they are designed to help firms identify existing data transfers and mechanisms, use pre-built templates to assess the validity of those relying on SCCs, and manage any required contract updates and vendor changes. They also seek to help processors implement holistic privacy programs, track guidance on compensating controls for GDPR equivalency, and implement those controls as they are identified.

“The Schrems II ruling presents a brand-new set of challenges and we want to help our customers adapt their processes to continue to transfer personal data in line with the law,” says Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP).

Related content

WEBINAR

Upcoming Webinar: Managing the transaction reporting landscape post Brexit: MiFID II, SFTR, EMIR

Date: 16 March 2021 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes The transaction reporting landscape has, for many financial institutions, expanded considerably in size since the end of the UK’s Brexit transition period on 31 December 2020 and the resulting need for double reporting of some transactions to both EU...

BLOG

Bloomberg and UBS Settle Legal Dispute About Breaches of Data Licensing Agreements

The recent settlement of a long-running legal dispute between Bloomberg and UBS highlights the dangers of omitting to put in place watertight data licensing agreements. The settlement, reached on September 30, 2020, finally put to bed arguments over whether the bank breached redistribution clauses of its licensing agreements with Bloomberg. The dispute centred on two...

EVENT

RegTech Summit Virtual

The RegTech Summit Virtual is a global online event that will be held in June 2021 with an exceptional guest speaker line up of RegTech practitioners, regulators, start-ups and solution providers to collaborate and discuss innovative and effective approaches for building a better regulatory environment.

GUIDE

Regulatory Data Handbook 2020/2021 – Eighth Edition

This eighth edition of A-Team Group’s Regulatory Data Handbook is a ‘must-have’ for capital markets participants during this period of unprecedented change. Available free of charge, it profiles every regulation that impacts capital markets data management practices giving you: A detailed overview of each regulation with key dates, data and data management implications, links to...