As a result of The Court of Justice of the European Union decision on 16th July 2020 (case C-311/18), the previously much relied on EU-U.S. Privacy Shield is no longer a valid adequacy instrument to enable personal data transfers from the EU to the U.S. because U.S. state surveillance powers are excessive. Relationships where third parties export personal data should be reviewed on a case-by-case basis by undertaking Transfer Impact Assessments (TIAs) and then additional measures, likely to include revised Standard Contractual Clauses (SSCs), should be introduced.
Proteus® NextGen Data Privacy™ is able to make this task easy for you. Automated workflow ensures that case-by-case TIAs are conducted and risk assessed. Suitable SCCs are then produced for electronic (or manual if you prefer) signoff. This is achieved either as part of a complete data privacy program or as a stand-alone Schrems II exercise.
There are some practical points that arise from this judgment:
The TIA should cover:
Proteus NextGen is enterprise software that already audits third parties for everything required by the new TIAs, thereby providing the case-by-case assessment required by the Schrems II ruling.
Hosted in the EU as a SaaS platform, systems can be provisioned within half a day if required. Import your third-party vendor list. Issue the preconfigured surveys which incorporate a full TIA. These are automatically risk assessed to enable easy prioritization of activity. Existing SCCs will be updated to incorporate the latest SCCs as soon as the EU Commission issues them. Automated sign off completes the process. Easy ongoing review for subsequent years. It couldn't be easier!
REQUEST A DEMO