One main objective of the European Cyber Security Act is to inform business and consumers about the security of ICT products, processes and services, through certification schemes. This webinar provides solid information about the present status of the Act's implementation.
International Data Transfers – Acting on Schrems II & Brexit
25 March 2021 – Cyber Security Coalition
Practical advice on international data transfers
The 2020 Schrems II court decision and 2021 Brexit raised many questions about international data transfers. Even whether they are still possible! Look no further than here for true ‘hands-on’ legal and technical tips and advice.
Anneleen Van De Meulebroucke (Eubelius) cut through the legal fog with clear and precise definitions of what constitutes a data transfer (e.g. it includes remote access to personal data stored in the EAA area) and what risks are involved. Schrems II boils down to worries about European personal data getting less protection than guaranteed in Europe. The GDPR already discusses safeguards, including decisions about the adequacy of protection provided, standard contractual clauses (new version in draft) and possibly derogations.
Schrems II adds to this the obligation for companies to check whether supplemental measures are necessary, decide which measures will work (do document this process!) and follow up whether the measures are truly effective once in place. How? Learn about the EPDB recommendation on a six ‘step-by-step’ approach, including some pointers about possible supplemental measures. Furthermore, an example of a ‘real life’ case on the use of AWS, brought to French ‘conseil d’état’ for evaluation, is provided.
Some remarks on (future) aspects of international data transfers to the United Kingdom conclude this exquisitely practical presentation.
In an equally practical vein, Bart van Buitenen (Cranium) discussed Post-Schrems II supplementary measures from a technical perspective. Sadly, he can’t but conclude that based on EPDB guidance ‘full compliance for most common cases […] is currently impossible. However, taking no action is not a viable option. Learn about the use cases as discussed in the EPDB guidance, with related tips about measures that work. There is also a quick overview of additional technical measures as suggested in the draft of new standard contractual clauses.
Point of fact is that in the post-Schrems II era data transfers will not cease. A risk-based approach is crucial and Bart van Buitenen shares his experience-based views on measures that can help reduce the risk. Once again a real help.
Clearly, dealing with the fall-out of Schrems II will be a long-term effort. This session of the Privacy Focus Group provides a valuable and practical primer and a concise starting point for acquiring more insight.
Other blog posts
The webinar teaches you that information security must be handled in a structured way. Three Coalition members explain how frameworks such as CISM, NIST and ISO 27001 certification can support you in your role as CISO.
Audits strengthen business operations, yet many organizations are fearful of the process, rather than seeing the benefits of audits. In this webinar, you get better insights in the auditing process and how you can use audits to strenghten and mature your overall risk programme.
This webinar focuses on the context of information security through governance, more particularly on the key role of the CISO and the value of COBIT as a digital governance framework for information security activities supported by the presentation of a best practice.