END OF THE PRIVACY SHIELD:
“With its judgement in the matter of “Schrems II”, the ECJ has created a virtually unsolvable dilemma for data controllers, processors, supervisory authorities, legislators and not least, us consultants. The good news: data transfers to countries such as the USA, China or Russia continue to be possible. However, the bad news is that more time and effort will be required than previously, in order to make these compliant with data protection. No complete solution (one size fits all) can exist for this. In fact, we must make do with industry-specific approaches and partial solutions for each individual case. At DataGuard, we have developed concrete technical, organisational and contractual solutions, which have received a positive response from the supervisory authorities.”
THE CURRENT SITUATION
The judgement of the European Court of Justice (ECJ) on 16 July 2020 regarding the “Schrems II” case has also made big waves outside the data protection world, with its far-reaching implications for international data exchange. But what are the concrete consequences of the Schrems II judgement? What do companies and organisations need to pay attention to in future for data transfers to the USA, as well as to other so-called third countries? And which concrete measures should I take as a data controller?
In this detailed white paper, we are addressing these questions, without making any claim to completeness or conclusive answers. The focus is primarily on the expected practical implications, as well as practical measures for mitigating possible risks. Different interpretations of the judgement and the associated implications are naturally also possible – this is already evident alone from the different opinions of European data protection authorities about this issue. Nevertheless, we are convinced that we are adopting a justifiable and above all, practical, middle course in this paper.