What does Schrems II mean for you?

On July 16, 2020, the Court of Justice of the European Union issued a landmark decision invalidating the EU-US Privacy Shield with immediate effect​.

If your business is one of the more than 5,000 that relied on 'Shield' to transfer personal
data from the EU to the US or you rely on a Shield-certified company to provide services to you,
you have a challenge ahead.

How Sentinel Can Help

If you haven’t already determined the impacts of the Schrems II decision you should be asking yourself the following questions:

  • Have you reviewed your privacy program documentation, including Privacy Notices, to assess impact and potential areas of change?​

  • Have you reviewed your service providers to understand which ones are receiving EU data and rely on Privacy Shield?

  •  Have you reviewed your Data Protection Agreements and vendor assessment process to see whether changes are needed?​

  • Have you performed a current assessment of your data flows from the EU to determine where your data currently flows, what data elements are included in the transfer and where the data resides in the US?​

  • Have you conducted a business impact assessment to determine potential impacts of reconfiguring or stopping data flows?​

  • Have you reviewed how your company receives and manages requests from law enforcement or national security agencies?​

  • Have you reviewed your security controls to ensure your sensitive data is encrypted across all transfers and at rest?

We'd be happy to talk to you about any of the issues above.





Director of Client Services

Director of Client Services

  • Gabriel Scheer
  • Gabriel Scheer


The challenges:

  • What does the decision mean for our organization?​

  • What are our options?​

  • What are our risks?​

  • What are the impacts?

  • Top to bottom review of your privacy program and documentation​

  • Data identification and mapping from the EU to the US​

  • Privacy notice(s) review​

  • Vendor and third-party assessment review​

  • Business impact analysis to empower key stakeholders on decision making​

  • Security controls review to determine level of data protection


The challenges:

  • Implement Standard Contractual Clauses​

  • Implement Binding Corporate Rules​

  • Enhance privacy policies and procedures​

  • Enhance data protection controls

  • Develop and manage project plan and task​

  • Work alongside client stakeholders to complete the work​

  • Identify training requirements; develop and deliver training​

  • Document policies, procedures and processes in order to facilitate continued operations and effectiveness


The challenges:

  • How do we know the controls are effective?​

  • What additional enhancements are required?​

  • Who is responsible and accountable?

  • Provide ongoing staff to support operations (where necessary)​

  • Controls test to ensure program is operational and effective​

  • Set up metrics for ongoing program measurement


Contact Us
If you would like to talk to a member of Sentinel’s privacy team or hear more about how Sentinel can help your organization navigate the impacts from the Schrems II decision, please provide your information and someone from our team will contact you.

Sentinel has a simplified and phased approach to helping clients address the fallout from the Schrems II decision.

Copyright 2020 Sentinel | Privacy Notice