With the ultimate goal of ensuring that citizens retain control and rights over their personal data, GDPR puts pressure on organizations to change policies regarding its creation, retention, and destruction of citizen data. While enshrined in EU law, the regulation also applies in situations where organizations do not operate exclusively in the European Union (EU) and the European Economic Area (EEA).
On July 16, 2020, the Court of Justice of the European Union issued its decision on Data Protection Commissioner v. Facebook Ireland, Schrems. Known as “Schrems II”, this decision has impacted changes to the European Commission’s GDPR Adequacy Decision for the EU-U.S. Most notably, it invalidates the Privacy Shield Framework which many U.S. organizations relied on to comply with EU data protection rules surrounding cross-border data transfers.
The EJEU decision significantly impacts the Standard Contractual Clauses (SCCs). The SCCs provide safeguards for transfer or access of individual personal data from inside the EEA to outside the EEA to a country that has been deemed not to have adequate data protection laws.
Read all the details in our latest white paper: Beyond GDPR The Next Major Privacy Mandate in 2021.