Secure, custom controls for data exporters and importers
Take control over your data. Create or revoke encryption keys, choose your environment for deployment, and build organizational measures by default using updated Standard Contractual Clauses (SCCs).
Document and visualize international data flows, data importers, and the third countries involved. Assess third countries, identify those without adequate protection, and send additional TIAs to vendors as necessary. Access vendor transparency reports, certifications, and pre-filled TIAs from the OneTrust platform.
Minimize data privacy risks with pre-built templates based on EDPB guidelines to determine needed supplementary measures. Track implemented controls and contact updates with a centralized vendor record.
Monitor third countries and evaluate new transfers to ensure that supplementary measures remain effective. Manage the full third-party vendor lifecycle, including onboarding and offboarding.
Generate transparency reports, SCCs, and other privacy documentation with editable templates and publish them to the Third-Party Risk Exchange, making it visible to other organizations.
Streamline TIAs by centralizing assessments and using AI to automatically fill in new questionnaires based on your responses.
Understanding the EU Data Boundary
Download our free infographic and get the information you need to understand the EU Data Boundary and how to properly handle data in the European Union.
The Schrems II decision had a significant impact on how companies manage transatlantic data transfers. We cover some of the basics below.
It is a ruling made by the Court of Justice of the European Union (CJEU) in July 2020 that invalidated the EU-US Privacy Shield. As a result, organizations must find alternative data transfer mechanisms to comply with General Data Protection Regulation’s (GDPR) data privacy requirements. Standard contractual clauses (SCCs) can still be valid under the GDPR but would have to be assessed on a case-by-case basis.
The Schrems II decision is named after Max Schrems, an Austrian privacy advocate who raised concerns over the US’s surveillance laws and Facebook Ireland’s use of Europeans’ personal data. A previous case involving Schrems, known as “Schrems I,” invalidated the Privacy Shield’s predecessor, the Safe Harbor mechanism.
After the Schrems II decision, the European Data Protection Board (EDPB) published a roadmap to help organizations comply with EU law and ensure safe transfer of personal data. Among other things, the EDPB suggests that companies assess the third countries that they are transferring data to and determine if their privacy laws are sufficient. If a third country does not provide an adequate level of data protection, then companies should take supplementary measures and additional safeguards, such as establishing SCCs, binding corporate rules (BCRs), or ad-hoc contractual causes.
We operationalize the requirements through our Privacy and Data Governance Cloud. From a single platform you can automatically map data, assess vendors and third countries, and control policies and documentation. You can also stay up to date with the latest regulatory changes with DataGuidance, our regulatory research center built by legal experts from around the world.
Ready to get started?
Request a free demo today to see how OneTrust can guide your trust transformation journey.
Our privacy center makes it easy to see how
we collect and use your information.
When we collect your personal information, we always inform you of your rights and make it easy for you to exercise them. Where possible, we also let you manage your preferences about how much information you choose to share with us, or our partners.