How much will Schrems II impact your business?

Deadlines and penalties are approaching.

We help global organizations manage these changes and challenges​​. 

The Schrems II decision invalidated Privacy Shield — a common way to legally transfer personal data from the EU to the US used by thousands of companies with operations in the US. These organizations now have a tight timeline to identify a new transfer mechanism or risk fines of up to 4 percent of worldwide revenue. Many of these companies are turning to Standard Contractual Clauses, which just got an overhaul by the European Commission.  

Given the huge amount of data flowing between the EU and US, enterprises are scrambling to understand how to accommodate all the legal changes and potentially manage updates to volumes of vendor contracts.

We’ve designed our approach around the EDPB’s six-step roadmap for data transfers:  

European Data Protection Board's six-step roadmap for data transfers

1

Know your
transfers

2

Identify

transfer tools

3

Assess
effectiveness of transfer tools

4

Adopt

supplementary

measures

5

Take procedural

steps

6

Re-evaluate at appropriate intervals

Trusted privacy experts + award-winning legal professionals 

Unlike other privacy consultants, we partner with global law firms such as Taylor Wessing, covering dozens of jurisdictions with 1000s of lawyers to give you the best possible solution for your transfer needs.  

Key impacts

Now organizations must:
 

  • Assess international data transfers/transfer mechanisms 

  • Identify and review existing vendor contracts and then manage the complex process of updating them all 

  • Determine what, if any, supplementary measures need to be implemented to address data transfers, including the adoption of the recently released SCCs.

New SCCs must be implemented within 3 months after publication on any new transfer (e.g., by September 2021). There is only an 18-month period to update all existing vendors to the new SCCs. 

 

This unbudgeted burden falls on under-resourced contract management teams who are saddled with outdated vendor management processes and potentially poor vendor data. Costs will climb as the need for legal assistance grows. Plus, you will need to keep your executives in the loop about possible significant disruptions to the business.

 

How we help 

 

As experienced privacy project managers, we use a proprietary methodology to help rapidly respond to the near-term problems of: 

 

  • Assessing international data transfers & transfer mechanisms 

  • Identifying & reviewing existing vendor contracts 

  • Project managing the complex process of getting contracts updated, and more 

Our process can help future-proof the vendor management process and applicable systems in anticipation of additional changes to privacy requirements that will likely occur in future. We’ll help you capture where personal data is transferred, assess data transfers for permissibility, and see to it that internal and external stakeholders are engaged throughout the process.  

 

Contact us today to talk about your level of preparedness or to make sure your organization is ready for the changes ahead.   

Contact us
Have a question about Schrems II or the new SCCs? Let us help.