© 2021 TrustArc Inc. Proprietary and Confidential Information.
EU Update: Applying the new SCCs, or ‘just’
the complete GDPR?
30 June 2021
Thank You for Joining “The Intersection of Healthcare Data & Privacy:
How to Navigate the New Challenges”
● We will be starting a couple minutes after the hour
● This webinar will be recorded and the recording and slides sent out later today
● Please use the GoToWebinar control panel on the right-hand side to submit any
questions for the speakers
Speakers
Paul Breitbarth
Director,
Global Policy & EU Strategy
TrustArc
K Royal
Associate General Counsel
TrustArc
Agenda
● Adequacy Decisions
● Standard Contractual Clauses
● EDPB Data Transfer Guidance
● Q&A
Adequacy Decisions
United Kingdom & South Korea
28 June 2021
GDPR Adequacy Decision
LED Adequacy Decision
16 June 2021
Draft GDPR Adequacy Decision
Images courtesy of the European Commission @EU_Justice
Standard Contractual Clauses
Observations on Enforcement to Date
● DPAs focus so far on data transfers to the United States and China based on SCCs. The
main checks seem to be:
○ What kind of personal data is transferred to a third country, with a focus on
special categories of personal data;
○ If a data transfer risk assessment has been completed; and
○ If, when using a contractual safeguard, supplementary measures have been
considered and put in place.
● Other forms of enforcement action cannot be ruled
out. Investigations may be ongoing without having
been announced.
New Standard Contractual Clauses
Adopted 4 June 2021
OJ L 199, 7.6.2021, p. 31–61
New Standard Contractual Clauses
Section I
● Clause 1 - Purpose and scope
● Clause 2 – Effect and invariability of the Clauses
● Clause 3 – Third-party beneficiaries
● Clause 4 - Interpretation
● Clause 5 - Hierarchy
● Clause 6 - Description of the Transfer
● Clause 7 - Docking Clause
Section II - Obligations of the Parties
● Clause 8 - Data Protection Safeguards
○ Module 1: C-C
○ Module 2: C-P
○ Module 3: P-P
○ Module 4: P-C
● Clause 9 – Use of sub-processors
● Clause 10 – Data subject rights
● Clause 11 – Redress
● Clause 12 - Liability
● Clause 13 - Supervision
New Standard Contractual Clauses
Section III – Local laws and obligations in case of access
by public authorities
● Clause 14 - Local Laws Affecting Compliance
with the Clauses
● Clause 15 – Obligations of the importer in case of
access by public authorities
Section IV - Final Provisions
● Clause 16 - Non-compliance
● Clause 17 - Governing Law
● Clause 18 - Choice of Forum and Jurisdiction
Appendix
Annex I
A. List of Parties
B. Description of Transfer
C. Competent Supervisory Authority
Annex II - Technical and Organisational Measures
Annex III - List of Sub-processors
New Standard Contractual Clauses
Scope of application
● Art. 3(2) GDPR applicable (offering goods/services, monitoring behaviour) → Full GDPR applies (includes art. 32 - Security)
● Art. 3(2) GDPR applicable (offering goods/services, monitoring behaviour) → No transfer options but adequacy
● No direct GDPR application → Chapter V GDPR applies; transfer mechanism needed
(§7) The standard contractual clauses may be used for such transfers only to the extent that the
processing by the importer does not fall within the scope of [the GDPR]. This also includes the
transfer of personal data by a controller or processor not established in the Union, to the extent that
the processing is subject to [the GDPR] (pursuant to Article 3(2) thereof), because it relates to the
offering of goods or services to data subjects in the Union or the monitoring of their behaviour as far as
it takes place within the Union.
New Standard Contractual Clauses
Of note:
● Scope of application of the SCCs
○ If the GDPR applies by virtue of Article 3(2) GDPR, SCCs cannot be used
○ SCCs may still be required for onward transfers to processors of the data importer
● Commission maintains the risk-based approach that was previously rejected by the
EDPS and EDPB
○ E.g. clause 14(b) under i and iii – For the third country risk assessment, parties will among other things
need to take into account the “format” of the data transferred, as well as “contractual, technical or
organisational safeguards (…) including during transmission”.
● Strong focus on accountability – numerous documentation requirements, including on
the data importer
○ Recital 17 Decision - The parties should be able to demonstrate compliance with the standard contractual
clauses.
○ Clause 14(d) – Document the third country risk assessment
New Standard Contractual Clauses
● 27 June 2021: The new SCCs entered into force and can be used
● Until 27 September 2021: The old SCCs may still be used in new contracts
● 27 December 2022: The old SCCs will lose their validity - contracts need to be updated.
Data Transfers Risk Assessments
Know your transfers
Reassess all data processing
operations on a
case-by-case basis
Identify the transfer tools
you are relying on
“Appropriate Safeguards”?
Choose your instrument and
complete third country
analysis
1 2 3
Adopt Supplementary
Measures
Obtain DPA Approval
If the transfer mechanism
requires you to do so
BCRs, ad hoc clauses, etc.
Review and Update
Like all accountability
measures, regular reviews
and updates are needed
4 5 6
Assess the legislation in, and international commitments of, the third country where the data are flowing to
Data Transfers Risk Assessments
Supplementary Measures or Not?
The European Data Protection Board has identified 3 options in case third country legislation is
“problematic”:
1. The data transfer is suspended, in order to guarantee that the level of protection offered by the
GDPR is not undermined.
2. The data transfer is continued, but only on the basis of supplementary measures that are agreed
by the partners involved in the processing operation.
3. The data transfer is continued without putting in place any supplementary measures, because the
data exporter considers there is no real risk the negative impact of the problematic legislation will
actually occur.
Option 3 requires proper documentation and sign off from the legal representative of the data
exporter.
Data Transfers Risk Assessments
Which Supplementary Measures
Technical
● Strong Encryption
● Pseudonymisation
● Protected Recipient (e.g. with professional secrecy)
● Split processing (no one has access to full dataset)
● Data minimisation
Contractual
● Obligation to use certain technical safeguards
● Transparency obligations
○ Applicable Laws
○ Receipt of requests
○ Use of backdoors
● Commitment to take action
○ Challenge requests
● On their own likely insufficient
Organisational
● Accountability measures
● Policies and procedures to comply with technical and contractual safeguards
● Adoption of standards
○ ISO
○ NIST
○ ENISA
● On their own likely insufficient
● Effectiveness of supplementary measures depends on the data transfer, including format and nature of the data,
complexity of the data flow and possible onward transfers
● The EDPB has not identified any effective supplementary measures for transfers to cloud service providers or
other processors which require access to data in the clear, or transfers by way of remote access.
Data Transfers Risk Assessments
Countries with Limitations on Cross-Border Data Transfers
© Nymity Research & Alerts - Maps and Charts, 2021
Data Transfers Risk Assessments
How TrustArc Helps: Adding Surveillance Law Overview
Work in
Progress
© Nymity Research & Alerts - Maps and Charts, 2021
Q&A
Thank You!
See http://www.trustarc.com/insightseries for the
2021 Privacy Insight Series and past webinar
recordings.
If you would like to learn more about how TrustArc can support you with
compliance, please reach out to sales@trustarc.com for a free demo.

Privacy Enhancing Technologies: Exploring the Benefits and Recommendations
 
Building Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy CertificationsBuilding Trust and Competitive Advantage: The Value of Privacy Certifications
Building Trust and Competitive Advantage: The Value of Privacy Certifications
 
The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...The California Age Appropriate Design Code Act Navigating the New Requirement...
The California Age Appropriate Design Code Act Navigating the New Requirement...
 
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdf
 
Artificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceArtificial Intelligence Bill of Rights: Impacts on AI Governance
Artificial Intelligence Bill of Rights: Impacts on AI Governance
 
How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023How To Do Data Transfers Between EU-US in 2023
How To Do Data Transfers Between EU-US in 2023
 
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act:  Using Consumer Data and Maintaining TrustThe Ultimate Balancing Act:  Using Consumer Data and Maintaining Trust
The Ultimate Balancing Act: Using Consumer Data and Maintaining Trust
 

Recently uploaded

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?

  • 1. EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
    30 June 2021
    © 2021 TrustArc Inc. Proprietary and Confidential Information.
  • 2. Thank You for Joining “The Intersection of Healthcare Data & Privacy: How to Navigate the New Challenges”
    ● We will be starting a couple minutes after the hour
    ● This webinar will be recorded and the recording and slides sent out later today
    ● Please use the GoToWebinar control panel on the right hand side to submit any questions for the speakers
  • 3. Speakers
    ● Paul Breitbarth, Director, Global Policy & EU Strategy, TrustArc
    ● K Royal, Associate General Counsel, TrustArc
  • 4. Agenda
    ● Adequacy Decisions
    ● Standard Contractual Clauses
    ● EDPB Data Transfer Guidance
    ● Q&A
  • 5. Adequacy Decisions
    United Kingdom & South Korea
    28 June 2021
    GDPR Adequacy Decision
    LED Adequacy Decision
    16 June 2021
    Draft GDPR Adequacy Decision
    Images courtesy of the European Commission @EU_Justice
  • 6. Standard Contractual Clauses: Observations on Enforcement to Date
    ● DPAs focus so far on data transfers to the United States and China based on SCCs. The main checks seem to be:
      ○ What kind of personal data is transferred to a third country, with a focus on special categories of personal data;
      ○ If a data transfer risk assessment has been completed; and
      ○ If, when using a contractual safeguard, supplementary measures have been considered and put in place.
    ● Other forms of enforcement action cannot be ruled out. Investigations may be ongoing without having been announced.
  • 7. New Standard Contractual Clauses
    Adopted 4 June 2021
    OJ L 199, 7.6.2021, p. 31–61
  • 8. New Standard Contractual Clauses
    Section I
    ● Clause 1 - Purpose and scope
    ● Clause 2 – Effect and invariability of the Clauses
    ● Clause 3 – Third-party beneficiaries
    ● Clause 4 - Interpretation
    ● Clause 5 - Hierarchy
    ● Clause 6 - Description of the Transfer
    ● Clause 7 - Docking Clause
    Section II - Obligations of the Parties
    ● Clause 8 - Data Protection Safeguards
      ○ Module 1: C-C
      ○ Module 2: C-P
      ○ Module 3: P-P
      ○ Module 4: P-C
    ● Clause 9 – Use of sub-processors
    ● Clause 10 – Data subject rights
    ● Clause 11 – Redress
    ● Clause 12 - Liability
    ● Clause 13 - Supervision
  • 9. New Standard Contractual Clauses
    Section III – Local laws and obligations in case of access by public authorities
    ● Clause 14 - Local Laws Affecting Compliance with the Clauses
    ● Clause 15 – Obligations of the importer in case of access by public authorities
    Section IV - Final Provisions
    ● Clause 16 - Non-compliance
    ● Clause 17 - Governing Law
    ● Clause 18 - Choice of Forum and Jurisdiction
    ● Appendix
      ○ Annex I
        A. List of Parties
        B. Description of Transfer
        C. Competent Supervisory Authority
      ○ Annex II - Technical and Organisational Measures
      ○ Annex III - List of Sub-processors
  • 10. New Standard Contractual Clauses: Scope of application
    ● Art. 3(2) GDPR applicable (Offering goods/services, Monitoring behaviour) ↓ Full GDPR applies (Includes art. 32 - Security)
    ● Art. 3(2) GDPR applicable (Offering goods/services, Monitoring behaviour) ↓ No transfer options but adequacy
    ● No direct GDPR application ↓ Chapter V GDPR applies, Transfer Mechanism needed
    (§7) The standard contractual clauses may be used for such transfers only to the extent that the processing by the importer does not fall within the scope of [the GDPR]. This also includes the transfer of personal data by a controller or processor not established in the Union, to the extent that the processing is subject to [the GDPR] (pursuant to Article 3(2) thereof), because it relates to the offering of goods or services to data subjects in the Union or the monitoring of their behaviour as far as it takes place within the Union.
  • 11. New Standard Contractual Clauses
    Of note:
    ● Scope of application of the SCCs
      ○ If the GDPR applies by virtue of Article 3(2) GDPR, SCCs cannot be used
      ○ SCCs may still be required for onward transfers to processors of the data importer
    ● Commission maintains the risk-based approach that was previously rejected by the EDPS and EDPB
      ○ E.g. clause 14(b) under i and iii – For the third country risk assessment, parties will among other things need to take into account the “format” of the data transferred, as well as “contractual, technical or organisational safeguards (…) including during transmission”.
    ● Strong focus on accountability – numerous documentation requirements, including on the data importer
      ○ Recital 17 Decision - The parties should be able to demonstrate compliance with the standard contractual clauses.
      ○ Clause 14(d) – Document the third country risk assessment
  • 12. New Standard Contractual Clauses
    ● 27 June 2021: The new SCCs entered into force and can be used
    ● Until 27 September 2021: The old SCCs may still be used in new contracts
    ● 27 December 2022: The old SCCs will lose their validity - contracts need to be updated.
  • 13. Data Transfers Risk Assessments
    Steps 1, 2, 3:
    ● Know your transfers
    ● Reassess all data processing operations on a case-by-case basis
    ● Identify the transfer tools you are relying on
    ● “Appropriate Safeguards”?
    ● Choose your instrument and complete third country analysis
    Steps 4, 5, 6:
    ● Adopt Supplementary Measures
    ● Obtain DPA Approval
    ● If the transfer mechanism requires you to do so: BCRs, ad hoc clauses, etc.
    ● Review and Update
    ● Like all accountability measures, regular reviews and updates are needed
    Assess the legislation in, and international commitments of, the third country where the data are flowing to
  • 14. Data Transfers Risk Assessments: Supplementary Measures or Not?
    The European Data Protection Board has identified 3 options in case third country legislation is “problematic”:
    1. The data transfer is suspended, in order to guarantee that the level of protection offered by the GDPR is not undermined.
    2. The data transfer is continued, but only on the basis of supplementary measures that are agreed by the partners involved in the processing operation.
    3. The data transfer is continued without putting in place any supplementary measures, because the data exporter considers there is no real risk the negative impact of the problematic legislation will actually occur.
    Option 3 requires proper documentation and sign off from the legal representative of the data exporter.
  • 15. Data Transfers Risk Assessments: Which Supplementary Measures
    Technical
    ● Strong Encryption
    ● Pseudonymisation
    ● Protected Recipient (e.g. with professional secrecy)
    ● Split processing (no one has access to full dataset)
    ● Data minimisation
    Contractual
    ● Obligation to use certain technical safeguards
    ● Transparency obligations
      ○ Applicable Laws
      ○ Receipt of requests
      ○ Use of backdoors
    ● Commitment to take action
      ○ Challenge requests
    ● On their own likely insufficient
    Organisational
    ● Accountability measures
    ● Policies and procedures to comply with technical and contractual safeguards
    ● Adoption of standards
      ○ ISO
      ○ NIST
      ○ ENISA
    ● On their own likely insufficient
    Notes
    ● Effectiveness of supplementary measures depends on the data transfer, including format and nature of the data, complexity of the data flow and possible onward transfers
    ● The EDPB has not identified any effective supplementary measures for transfers to cloud service providers or other processors which require access to data in the clear, or transfers by way of remote access.
  • 16. Data Transfers Risk Assessments
    Countries with Limitations on Cross-Border Data Transfers
    © Nymity Research & Alerts - Maps and Charts, 2021
  • 17. Data Transfers Risk Assessments
    How TrustArc Helps: Adding Surveillance Law Overview
    Work in Progress
    © Nymity Research & Alerts - Maps and Charts, 2021
  • 19. Thank You!
    See http://www.trustarc.com/insightseries for the 2021 Privacy Insight Series and past webinar recordings.
    If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.