OneTrust today announced a range of free Schrems II Solutions to help organizations respond to the operational challenges posed by the Schrems II decision. These solutions will help organizations identify existing data transfers and mechanisms, use pre-built templates to assess the validity of those relying on Standard Contractual Clauses (SCCs), and manage any required contract updates and vendor changes.
To legally transfer personal data from the EU to a third country, it must be shown that the recipient country and company have an equivalent level of data protection to that of the GDPR. With its judgment on the Schrems II case in July 2020, the Court of Justice of the European Union (CJEU) invalidated and cast doubt upon the two most common mechanisms relied on for transfers the United States: EU-US Privacy Shield and SCCs, respectively. While SCCs are still valid, they will require case-by-case consideration and it is unlikely that SCCs alone will establish GDPR equivalency.
To support the operational challenges posed to organizations by the CJEU’s ruling, OneTrust launched free Schrems II Solutions to assist controllers in identifying and validating data transfers with OneTrust Vendor Risk Management, Vendorpedia Exchange, Data Mapping, and DataGuidance. OneTrust’s Schrems II Solutions will help organizations:
- Identify data transfers and the mechanisms relied upon with OneTrust Data Mapping
- Assess vendors relying on SCCs with pre-built SCC validation templates in OneTrust Vendor Risk Management
- Reduce the burden of these vendor assessments through pre-completed assessments and chasing services in the OneTrust Vendorpedia Exchange
- Manage contract updates and vendor on-boarding and off-boarding through OneTrust Vendor Risk Management
- Get instant alerts on new Schrems II guidance with OneTrust DataGuidance Regulatory Research
OneTrust’s solutions also help processors implement holistic privacy programs, track guidance on compensating controls for GDPR equivalency, and implement those controls as they are identified.
“The Schrems II ruling presents a brand-new set of challenges and we want to help our customers adapt their processes to continue to transfer personal data in line with the law,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “With OneTrust’s Schrems II Solutions, organizations can evaluate alternatives to Privacy Shield and demonstrate accountability when continuing to rely on SCCs for those transfers.”
OneTrust, OneTrust Schrems II Solutions, OneTrust Data Mapping, OneTrust Vendor Risk Management, Vendorpedia, Vendorpedia Exchange, and DataGuidance are registered trademarks or trademarks of OneTrust LLC or its subsidiaries in the United States and other jurisdictions.
OneTrust’s Schrems II Solutions are available today with new templates added over the coming weeks.
OneTrust is the #1 fastest growing and most widely used technology platform to help organizations be more trusted, and operationalize privacy, security, data governance, and compliance programs. More than 6,000 customers, including half of the Fortune 500, use OneTrust to build integrated programs that comply with the CCPA, GDPR, LGPD, PDPA, ISO27001, and hundreds of the world’s privacy, security, and compliance frameworks.
The OneTrust platform is powered by the OneTrust Athena™ AI and robotic automation engine, and our offerings include:
- OneTrust Privacy - Privacy Management Software
- OneTrust PreferenceChoice™ - Consent and Preference Management Software
- OneTrust Vendorpedia™ - Third-Party Risk Management Software and Cyber Risk Exchange
- OneTrust GRC - Integrated Risk Management Software
- OneTrust DataDiscovery™ - AI-Powered Discovery and Classification
- OneTrust DataGovernance - Governance and Metadata Management
- OneTrust Ethics - Compliance and Ethics Software
- OneTrust DataGuidance™ - Regulatory Research Software