Weltkugel_Datentransfer_Datenschutz-Prüfung zum Drittlandtransfer angekündigt

Could you also be affected? – Cross-border review of third country transfer announced (data protection)

Cross-border data protection review for third-country transfer announced

After the Privacy Shield Agreement was overturned last summer by the initiative of Max Schrems, the examinations by the data protection state authorities are now coming. A cross-border data protection review on third-country transfers has been announced. A press release from the Data Protection Authority of Lower Saxony brings it to the public:

“The State Commissioner for Data Protection (LfD) of Lower Saxony participates in a transnational control of data transfers by companies in countries outside the European Union or the European Economic Area (so-called third countries). The aim of this examination is the broad enforcement of the requirements of the European Court of Justice (ECJ) in its decision “Schrems II” of 16 July 2020. In it, the court found that transfers to the USA can no longer be made on the basis of the so-called Privacy Shield.”

The state data protection authorities of Lower Saxony, Baden-Württemberg, Bavaria, Berlin, Bremen, Brandenburg, Hamburg, Rhineland-Palatinate and Saarland are participating in this audit.

Data protection review on third country transfer announced –
What are the effects of the EUGH’s ruling?

The Data Protection Authority has summarised this in an article.

“What are the consequences of the ruling for data exports to third countries?

Transfers of personal data to the USA on the basis of the Privacy Shield are not permitted. Such transfers must therefore be converted to other legal bases or stopped without delay.’

“What concrete steps should be taken to implement the Schrems II ruling?

  1. Inventory of data exports to third countries
  2. Verification of data exports on the basis of standard contractual clauses
  3. Verification of data exports on the basis of Binding Corporate Rules
  4. Data exports on the basis of exceptions pursuant to Article 49 GDPR
  5. Review and, if necessary, update of documentation and information obligations
  6. Obligation to report to the supervisory authority

Data protection review on third-country transfer announced

If you want to read the complete article, click here.

The colleagues from ActiveMinds AG have summarized the important points that need to be considered and done now

  1. What do the authorities want to know from the companies?
  2. What is important to the authorities?
  3. What companies can do now                                                                                                                            – — List of processing activities
    – Accountability
    – Additional measures for identified third country transfers
  4. Conclusion: Check for yourself now before the authorities do it

On the landing page of ActiveMinds there are many tips and forms as well as information about the topic.

The law firm Heuking&Partner has also put together a lot. The result can be found here and here.

The internationally active law firm Bird&Bird has also compiled a lot of information.

More information on the subject of data protection can be found here or on the GDPR here.

 

Note: This is a machine translation. It is neither 100% complete nor 100% correct. We can therefore not guarantee the result.

Share
Newsletter