Earlier this month, TrustArc held its third Privacy Risk Summit with over 40 thought-provoking speakers and more than 20 sessions covering numerous privacy topics. The first regulatory session of the summit, “International Data Flows post Schrems-II: What to Expect and What to Forget,” focused on the consequences of the Schrems-II decision from the EU Court of Justice. Session panelist included Peter Blenkinsop (Partner, Faegre Drinker Biddle & Reath), Ignacio Gomez Navarro (Legal Officer, European Data Protection Board), Travis LeBlanc (Board Member, Privacy and Civil Liberties Oversight Board) and moderator Paul Breitbarth (Director, EU Policy & Strategy, TrustArc). The following is a recap of the session highlights.
Peter Blenkinsop discussed what companies should assess if they want to continue to transfer personal data from the European Union to the United States. He explained that companies at all times should meet the requirements of chapter V of the EU General Data Protection Regulation. The main point of concern right now is how to provide appropriate safeguards under article 46: companies will need to select a transfer tool, whether these are standard contractual clauses, binding corporate rules, certifications and codes of conducts or more ad hoc solutions. Since the Schrems-II judgment, they will also need to make a case-by-case assessment to find out if the laws and practices of the third country actually make it possible to execute the agreed appropriate safeguards. To do so, companies will need to map their data flows, both the initial transfers and any subsequent onward transfers. Furthermore, these ..
Support the originator by clicking the read the rest link below.
