Schrems II Action Plan: How Working with Vendors Will Change

Resource Data Transfers Privacy Management

In July 2020, the CJEU’s Schrems II judgment invalidated the EU-US Privacy Shield and required additional safeguards when using standard contractual clauses (SCCs) to transfer personal data from the EU to non-EU/EEA third countries. As a result, many organizations had to find alternative mechanisms to lawfully transfer personal data and evaluate the level of data protection in third countries. Since then, organizations have eagerly waited for the European Data Protection Board (EDPB) to provide clarity in its final Schrems II recommendations on supplementary measures for international personal data transfers. On June 18th, the EDPB released that guidance.


The EDPB’s recommendations outline a six-step roadmap to ensure the lawfulness of personal data transfers and describe specific technical, contractual, and organizational measures data exporters and data importers should consider implementing to ensure that transferred personal data enjoys an essentially equivalent level of data protection as that guaranteed in the EU.


So, what does this mean for your vendor risk management strategy? In this 30-minute webinar, we’ll discuss practical steps for adapting your vendor risk management strategy to meet the EDPB’s guidance. This will include:

  • Overview of the six-step roadmap for international personal data transfers
  • Key aspects to consider for assessing a third-country’s level of personal data protection
  • How to evaluate and adopt supplementary measures for personal data transfers
  • Next steps for your vendor risk management program

Watch Video

Note: All fields marked with * are required

I’d like email updates on local privacy events and news, resources and products to stay connected with my community. Unsubscribe at any time.

I’d like a solution expert to provide product information or show me a custom demo of the OneTrust platform

How would you like us to contact you?

Privacy Notice

You can learn more about how we handle your personal data and your rights by reviewing our privacy notice.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Also Be Interested In


The Ultimate Guide to CCPA Compliance eBook

Data Transfers

Transfer Impact Assessment (TIA) Checklist

WEBINAR | DEC 10, 2021
Privacy Management

The Privacy of Wearable Devices

WEBINAR | DEC 14, 2021
Cookie Consent

Cookies & Tech 2021 Round-Up: Italy, California, Global Privacy Control, Third-Party Cookies & More

WEBINAR | DEC 16, 2021
Consent and Preferences

Capture, Govern, Activate: How to Build a Powerful Marketing Data Strategy in 2022

Privacy Management

5 Steps to Automating FOIA Requests

NOVEMBER 19, 2021

5 Ways to Automate IT Risk Management

WEBINAR | DEC 14, 2021

The CISOs Role in Driving Trust: Why it Matters, How to Define it, and What Success Looks Like

Onetrust All Rights Reserved