Schrems II Action Plan: How Working with Vendors Will Change

Resource Data Transfers Privacy Management

In July 2020, the CJEU’s Schrems II judgment invalidated the EU-US Privacy Shield and required additional safeguards when using standard contractual clauses (SCCs) to transfer personal data from the EU to non-EU/EEA third countries. As a result, many organizations had to find alternative mechanisms to lawfully transfer personal data and evaluate the level of data protection in third countries. Since then, organizations have eagerly waited for the European Data Protection Board (EDPB) to provide clarity in its final Schrems II recommendations on supplementary measures for international personal data transfers. On June 18th, the EDPB released that guidance.


The EDPB’s recommendations outline a six-step roadmap to ensure the lawfulness of personal data transfers and describe specific technical, contractual, and organizational measures data exporters and data importers should consider implementing to ensure that transferred personal data enjoys an essentially equivalent level of data protection as that guaranteed in the EU.


So, what does this mean for your vendor risk management strategy? In this 30-minute webinar, we’ll discuss practical steps for adapting your vendor risk management strategy to meet the EDPB’s guidance. This will include:

  • Overview of the six-step roadmap for international personal data transfers
  • Key aspects to consider for assessing a third-country’s level of personal data protection
  • How to evaluate and adopt supplementary measures for personal data transfers
  • Next steps for your vendor risk management program

Watch Video

Note: All fields marked with * are required

I’d like email updates on local events, news, resources and products to stay connected with the OneTrust community. Unsubscribe at any time.

I’d like a solution expert to provide product information or show me a custom demo of the OneTrust platform

How would you like us to contact you?

Privacy Notice

You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Also Be Interested In

WEBINAR | JUN 08, 2022

The New Digital and Data Strategy in the EU and UK: DMA, DSA and the UK Online Safety Bill

GUIDE | MAY 18, 2022
Consent and Preferences

IAB TCF 2.0 Checklist for Publishers

WEBINAR | JUN 01, 2022
Privacy Automation

From Data Compliance to Data Intelligence

WEBINAR | JUN 01, 2022

7 Ways Trusted Brands Promote Their Security, Privacy, Ethics, and ESG Programs

WEBINAR | JUN 01, 2022

Thailand Personal Data Protection Act Takes Effect

Third-Party Risk

OneTrust is a Leader in Third-Party Risk Management Platforms

WEBINAR | MAY 26, 2022

How successful security teams manage risk to build trust and drive growth

WEBINAR | JUN 02, 2022
Privacy Automation

OneTrust and Microsoft Come Together to Automate Employee Rights Requests

Onetrust All Rights Reserved