Publication
November 13, 2020

Earlier this year, in Schrems II, the Court of Justice of the EU (CJEU) invalidated the EU-US Privacy Shield.[1] That judgment also cast doubt over the validity of standard contractual clauses (SCCs) as a means by which to transfer personal data outside of the EU, in particular to the United States. Unsurprisingly, this has caused concern within organisations who rely on such transfers as part of their business model.

Data protection requirements, imposed by the GDPR, travel with any personal data whenever it is transmitted outside of the EU. Problems arise when an organisation needs to transfer personal data to a jurisdiction where local laws might undermine these protections. Without some way to manage this potential conflict, it was unclear if organisations’ personal data transfers outside of the EU would be able to continue. 

To read the full alert, please click here.