Data Transfers Post Schrems: Practical Considerations & Additional Safeguards

The recent decision by the Court of Justice of the European Union (CJEU) to invalidate the EU-US Privacy Shield received much attention for its geopolitical ramifications. However, the broader impact of the decision will be felt in the practical context of the much more commonly used mechanism of Standard Contractual Clauses (SCC) as well as Biding Corporate Rules (BCR). While the Court let SCC and BCR stand, it requires data exporters to conduct a case by case assessment of transfers. Furthermore, when it comes to transferring personal data from the European Economic Area (EEA) to the US, importers, and exporters are required to adopt additional safeguards to further protect the data. One thing is certain, this decision will have a significant impact on global enterprises.

Key Takeaways

  • Highlights from the Court’s decision and the FAQs published by the European Data Protection Board as they apply to data flows
  • Data related considerations that importers and exporters of EEA personal data must weigh
  • How all these acronyms, legal jargon and supporting data management practices can be translated and implemented in real world situations
  • The impact this will have on cross border transfers into the future



Sagi Leizerov, CIPP/US
Senior Vice President, Enterprise Privacy Solutions, Dataguise

Omar Tene

Omer Tene
Vice President and Chief Knowledge Officer, IAPP – Pease International Tradeport