Proteus® NextGen Data Privacy™ is able to make this task easy for you. Automated workflow ensures that case-by-case TIAs are conducted and the associated risks are assessed. Suitable SCCs are then produced for electronic (or manual if you prefer) signoff. This solution is available as a stand-alone capability for organisations whose existing data privacy system is unable to address the new requirements brought about be the Schrems II ruling. Existing users of Proteus® NextGen Data Privacy™ have this new capability included with immediate effect at no additional cost.
As a result of The Court of Justice of the European Union decision on 16th July 2020 (case C-311/18), the previously much relied on EU-U.S. Privacy Shield is no longer a valid adequacy instrument to enable personal data transfers from the EU to the U.S. because U.S. state surveillance powers are excessive. Relationships where third parties export personal data should be reviewed on a case-by-case basis by undertaking Transfer Impact Assessments (TIAs) and then additional measures, likely to include revised Standard Contractual Clauses (SSCs), should be introduced.
There are some practical points that arise from this judgement:
The TIA should cover:
Proteus NextGen is enterprise software that already audits third parties for everything required by the new TIAs, thereby providing the case-by-case assessment required by the Schrems II ruling.
Hosted in the EU as a SaaS platform, systems can be provisioned within half a day if required. Import your third-party vendor list. Issue the preconfigured surveys which incorporate a full TIA. These are automatically risk assessed to enable easy prioritization of activity. Produce new SCC contracts automatically including appropriate standard clauses, relevant country clauses, adequacy statements and sdetails of processing activity. Automated sign off completes the process. Easy ongoing review in subsequent years. It couldn't be easier!