OneTrust Schrems II Solutions

With the invalidation of the EU-US Privacy Shield, the Schrems II decision changed the way organizations manage personal data transfers overnight. To legally transfer personal data from the EU to a third country, it must be shown that the recipient country and company have an equivalent level of data protection to that of the GDPR.

With its judgment on the Schrems II case, the CJEU invalidated and cast doubt upon the two most common mechanisms relied on for transfers the United States: EU-US Privacy Shield and SCCs, respectively. While SCCs are still valid, they will require case-by-case consideration and it is unlikely that SCCs alone will establish GDPR equivalency.

Get Started for Free Request a Demo

How OneTrust Helps

OneTrust Schrems II Solutions help controllers and processors respond to the operational challenges posed by the Schrems II decision by helping organizations identify existing data transfers and mechanisms, offering pre-built templates to assess the validity of those relying on Standard Contractual Clauses (SCCs), and managing any required contract updates and vendor changes.

IDENTIFY TRANSFERS

Identify Data Transfers and the Mechanisms Relied Upon

ASSESS VENDORS

Assess Vendors Relying on SCCs with Pre-Built Templates

USE CHASING SERVICES

Reduce the Burden of Vendor Assessments with Vendorpedia

MANAGE RISK & RESPONSE

Update Contracts and Manage Vendor Changes

GET INSTANT UPDATES

Stay Current on Schrems II News and EDPB and DPA Guidance

Get Started for Free Today

Get Free Access to Schrems II Vendor Assessment Templates and More

Get Access

Identify Data Transfers & the Mechanisms Relied Upon with OneTrust Data Mapping

Identify and visualize data transfers from the EU to third countries
Easily filter based on transfer mechanism to prioritize data transfers relying on Privacy Shield, SCCs & BCRs
Document alternative transfer mechanism if relying on Privacy Shield

Assess Vendors Relying on SCCs with OneTrust Vendor Risk Management

Evaluate vendors relying on SCCs with pre-built SCC validation templates
Evaluate third-country equivalency and whether the vendor is bound by government surveillance law
Document additional controls that may be put in place for GDPR equivalent protection

Reduce the Burden of Vendor Assessments with the Vendorpedia Exchange

Leverage assessments-as-a-service through the Vendorpedia Chasing Services
Access pre-completed assessments and vendor profiles on 70,000+ vendors through the Exchange
If we don’t have the assessment you need, our expert chasing agents will work with your vendor to get the assessment completed, saving your team time and effort

Manage Risk and Response to Vendor Assessments

Review risks flagged by vendor assessments and determine next steps through a risk-based approach
Manage contract and DPA updates, and vendor onboarding and offboarding lifecycles
Tie results back into your data map for ongoing monitoring and to keep up-to-date records of processing

Get Instant Updates on Schrems II News and Guidance with OneTrust DataGuidance™

Stay up-to-date with EDPB and DPA guidance
Access our Schrems II portal with the latest news, opinions, and FAQs
Leverage data transfer comparison charts to compare adequacy and equivalency of third-countries
Powered by a contributor network of over 500 lawyers and 40 in-house legal researchers

Access Now

Want to Learn More? Request a 1:1 Demo

Request a Demo to Learn More About How OneTrust Helps Operationalize the Schrems II Decision

Request Demo