E-Book

The end of the Privacy Shield

Recommendations for international data transfers

In this e-book, you'll learn:

  • What implications the decision of the European Court of Justice (ECJ) in the case "Schrems II" has for companies and organisations.
  • What you need to consider when transmitting data abroad.
  • Which measures you should take as a data processor.
Look Inside SCHREMS II – The end of 
the Privacy Shield – 1 UK.webp.webp
Look Inside SCHREMS II – The end of 
the Privacy Shield – 2 UK.webp.webp
Look Inside SCHREMS II – The end of 
the Privacy Shield – 3 UK.webp.webp
Look Inside SCHREMS II – The end of 
the Privacy Shield – 4 UK.webp.webp

The European Court of Justice (ECJ) ruling on the "Schrems II" case, brought about by privacy advocate Max Schrems, resulted in the end of the Privacy Shield. We address key questions, without making any claim to completeness or conclusive answers. This whitepaper focuses on the expected practical implications, as well as practical measures for mitigating possible risks.

  1. Examination of possible restrictions/terminations of the third country transfer (particularly to the U.S.)
  2. Switch from Privacy Shield to Standard Contractual Clauses
  3. Implementation of additional technical measures prior to third country transfers (particularly to the U.S.)
  4. Directives and requirements for all data importers (particularly processors)
  5. Directives and requirements specifically for processors and sub-processors
  1. Use of additional contractual clauses for processing contracts and SCC (Standard Contractual Clauses)
  2. Use of the derogation rules in Art. 49 GDPR
  3. Consideration of alternative providers
  4. Examination and adaptation of Binding Corporate Rules (BCRs)
  5. Examination and adaptation of the privacy policies (particularly on websites and apps)
  6. Updating the records of processing activities