Practical advice on international data transfers

The 2020 Schrems II court decision and 2021 Brexit raised many questions about international data transfers. Even whether they are still possible! Look no further than here for true ‘hands-on’ legal and technical tips and advice.

Anneleen Van De Meulebroucke (Eubelius) cut through the legal fog with clear and precise definitions of what constitutes a data transfer (e.g. it includes remote access to personal data stored in the EAA area) and what risks are involved. Schrems II boils down to worries about European personal data getting less protection than guaranteed in Europe. The GDPR already discusses safeguards, including decisions about the adequacy of protection provided, standard contractual clauses (new version in draft) and possibly derogations.
Schrems II adds to this the obligation for companies to check whether supplemental measures are necessary, decide which measures will work (do document this process!) and follow up whether the measures are truly effective once in place. How? Learn about the EPDB recommendation on a six ‘step-by-step’ approach, including some pointers about possible supplemental measures. Furthermore, an example of a ‘real life’ case on the use of AWS, brought to French ‘conseil d’état’ for evaluation, is provided.
Some remarks on (future) aspects of international data transfers to the United Kingdom conclude this exquisitely practical presentation.

In an equally practical vein, Bart van Buitenen (Cranium) discussed Post-Schrems II supplementary measures from a technical perspective. Sadly, he can’t but conclude that based on EPDB guidance ‘full compliance for most common cases […] is currently impossible. However, taking no action is not a viable option. Learn about the use cases as discussed in the EPDB guidance, with related tips about measures that work. There is also a quick overview of additional technical measures as suggested in the draft of new standard contractual clauses.
Point of fact is that in the post-Schrems II era data transfers will not cease. A risk-based approach is crucial and Bart van Buitenen shares his experience-based views on measures that can help reduce the risk. Once again a real help.

Clearly, dealing with the fall-out of Schrems II will be a long-term effort. This session of the Privacy Focus Group provides a valuable and practical primer and a concise starting point for acquiring more insight.



Nos autres articles

How do data protection rights fare in Corona times?

In this GDPR anniversary webinar, three privacy experts focus on the challenges they face when assessing and implementing government measures adopted in the fight against COVID19. The Corona pandemic has risen awareness of the importance of privacy, not only in our private life but also in the employer-employee relationship, and the need for a broader democratic testing of privacy threatening technologies.

EU Cybersecurity Act: moving forward

One main objective of the European Cyber Security Act is to inform business and consumers about the security of ICT products, processes and services, through certification schemes. This webinar provides solid information about the present status of the Act's implementation.


Partagez ce contenu avec votre réseau :