On June 18, 2021, the European Data Protection Board (EDPB) adopted its final Schrems II guidance on supplementary measures to support international data transfers. You can operationalize the EDPB’s guidance today with OneTrust’s expanded Schrems II Solutions which provide both EU exporters and importers with the support they need to comply with the EDPB’s final Schrems II guidance.

 

Finalised EDPB Recommendations Webinar

 

The CJEU’s ruling on the Schrems II case in July 2020 invalidated the EU-US Privacy Shield, meaning that organizations have had to find alternative mechanisms to rely on for the lawful transfer of personal data. In November 2020, the EDPB released draft guidelines on supplementary measures to ensure an appropriate level of protection when personal data is transferred from the EU to a third country. The EDPB has now released its final guidance on supplementary measures, providing exporters and importers with a clear outline to safeguard their data transfers.

What Are the Final EDPB Schrems II Recommendations?

The EDPB’s final Schrems II guidance sets out clear contractual, organizational, and technical measures, including a six step roadmap, that allows data exporters and importers to ensure that their personal data protection is equivalent to the protection offered in the EU. The final guidance highlights the following updates:

OneTrust’s expanded Schrems II Solutions support both data exporters and importers to implement the EDPB’s guidance with an enhanced set of tools, guidance, and templates, all available on the platform today.

How Do OneTrust’s Expanded Schrems II Solutions Support Exporters?

Data exporters can leverage OneTrust’s Schrems II Solutions to implement the EDPB’s six-step roadmap. With pre-built templates, exporters can assess third countries, carry out Transfer Impact Assessments (TIAs), and evaluate the effectiveness of their supplementary measures.

OneTrust helps exporters with a range of tasks, including:

How Can Importers Leverage OneTrust’s Expanded Schrems II Solutions?

OneTrust helps data importers ensure that appropriate operational processes, technical controls, and compliance mechanisms have been implemented across their organization. Importers can also leverage OneTrust’s expanded Schrems II Solutions for support with specific challenges posed by the Schrems II decision and the EDPB’s final guidelines, including:

 

Finalised EDPB Recommendations Webinar

 

The Schrems II decision continues to pose operational challenges for organizations, but the EDPB’s final guidance on supplementary measures provide much needed guidance on the future of safe and lawful international data transfers to third countries. For information on how OneTrust can support compliance with the Schrems II decision and the EDPB’s latest guidance, check out OneTrust’s Schrems II Solutions.

Further reading on EDPB Final Schrems II Guidance:

Next steps on EDPB Final Schrems II Guidance:

Follow OneTrust on LinkedInTwitter, or YouTube for the latest on the EDPB’s final Schrems II Guidance.