Start operationalizing the recent Schrems II ruling with OneTrust’s free Schrems II Solutions! The solutions help organizations identify existing data transfer mechanisms, provide pre-built templates to assess the validity of Standard Contractual Clauses (SCCs), and implement any required contract updates and vendor changes.
What is the Schrems II Decision?
The GDPR stipulates that when transferring personal data from the EU to a country that has not been recognized as having an adequate level of protection for personal data (third country), you must be able to demonstrate that the recipient country or company have a level of data protection that is equal to the GDPR, to ensure that the transfer is legal.
The Court of Justice of the European Union (CJEU) reached a judgment on the Schrems II case in July 2020, invalidating and adding constraints to two key transfer mechanisms used for EU-US transfers: Privacy Shield and SCCs. Privacy Shield has been invalidated, so can no longer be used as the transfer mechanism for personal data being transferred to the US from the EU. SCCs are still considered valid but must now be taken on a case-by-case basis.
How Does OneTrust Help with Schrems II Challenges?
The Schrems II ruling poses a new set of challenges, as organizations must now find alternative transfer mechanisms. But don’t worry, OneTrust is here to help! With our new free Schrems II Solutions, controllers can leverage OneTrust Vendor Risk Management, Vendorpedia Exchange, Data Mapping, and DataGuidance to identify and validate data transfers.
OneTrust’s Schrems II Solutions support organizations operationalize a range of changes, including:
- OneTrust Data Mapping: Identify data transfers and the mechanisms they rely upon
- OneTrust Vendor Risk Management: Assess vendors that rely on SCCs with pre-built validation templates and manage contract updates as well as vendor on-boarding and off-boarding
- OneTrustVendorpedia Exchange: Leverage pre-completed vendor assessments and chasing services
- OneTrustDataGuidance Regulatory Research: Stay up to date on the latest Schrems II guidance
Processors can also find the support that they need to operationalize the Schrems II decision. OneTrust Schrems II Solutions help processors implement holistic privacy programs, allowing them to track the relevant guidance and implement compensating controls for GDPR equivalency.