The CJEU today issued its judgment in the Schrems II case, invalidating the EU-US Privacy Shield. For now, the CJEU upheld the use of Standard Contractual Clauses (SCCs), but it added new considerations for organisations and authorities using SCCs as the transfer mechanism of choice.
The ruling invalidates Privacy Shield as a method for cross-border data transfers and can have a wide-ranging impact on privacy professionals. Many companies rely in some part on Privacy Shield to conduct global business, operate in the cloud, and work with vendors.
Related: Watch the instant replay webinar: Post-Decision Coverage, Schrems II Reaction & Analysis featuring CPOs from Mastercard, Walgreens Boots Alliance, Biogen, and more.
Eduardo Ustaran, Partner and Global Co-Head of the Privacy and Cybersecurity practice at Hogan Lovells, put it best: “The impact of this decision is immediate and global. It goes significantly further than the invalidation of the Privacy Shield as it requires companies to bear in mind other countries’ powers over data access when engaging in global data flows. This is a big job.”
Related: Learn more about OneTrust’s commitment in our Trust Portal
OneTrust is committed to helping our customers navigate the “big job” ahead, and today announced we will expand the EU-hosting options we have available today to offer a containerized EU solution in response to the Schrems II decision.
This expansion will support our customers as they respond to the business impact following the invalidation of Privacy Shield.
Related: Register for the webinar What Schrems II Means for Your Privacy Program on Thursday, 23 July at 16:00 BST / 11:00 am ET
OneTrust was the first company in the world to achieve ISO 27701 certification – the privacy extension of the ISO 27001. We have a demonstrated track record of building technology based on high privacy and security standards.
Our customers can start using our solutions today to get ready for the Schrems II impact on their business. Our suite of solutions can help determine what data you have and how it flows both internally and externally, including:
- OneTrust DataDiscovery: our AI-powered discovery and classification tech finds personal data and the IT systems that contain it, helping you to understand where personal data resides
- OneTrust Data Mapping: visualize where and how data is transferred and get a clearer view of which processes are impacted by the Privacy Shield invalidation
- OneTrust Vendorpedia: manage vendor relationships, including contracts, DPAs, and data transfer agreements, to be sure vendors are managing global data flows appropriately
Learn more about how OneTrust can help with the Schrems II impact by contacting your AE or visiting our website.