• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

EDPB to Publish FAQs on Data Transfers

July 24, 2020 By Daniel Felz

This morning, Germany’s Federal Data Protection Authority (DPA) announced that the European Data Protection Board (EDPB) has finalized an initial set of FAQs on international transfers in light of the recent Schrems II judgment.  You can read our detailed analysis of the Schrems II judgment here.  Initial reactions from European privacy enforcers are summarized here, along with an analysis of early EDPB guidance here.

Per Germany’s Federal DPA, the EDPB FAQs are envisioned to be a “living document.”  The version published today will contain answers to questions that European DPAs were asked “very frequently” within the last week.  They may be updated over time.

Germany’s Federal DPA provides a preview of some of the guidelines that will be in the FAQs:

  • Privacy Shield: There will be “no grace period” for Privacy Shield organizations. Practically, this means that “the transition [from Privacy Shield to an alternative transfer mechanism] must be started immediately.”
  • Standard Contractual Clauses: SCCs can only be used for transfers to the United States – or other non-EU countries – “if additional measures are implemented that guarantee the same level of protection as in the EU.” This will require a “case by case” assessment.
  • Vendor Diligence: The FAQs will apparently address companies’ duties to assess the risk that their vendors may transfer data to a non-EU country.  If companies “do not know whether, as part of processing, data are sent to a third country,” they must now “review their contracts with their vendors.”

According to the Federal DPA, the EDPB’s FAQs could be published as early as today.  Alston & Bird will provide updates as these FAQs become available.

 

Alston & Bird is assisting clients of all sizes in addressing data transfer issues.  For more information, contact Jim Harvey, David Keating, Wim Nauwelaerts, or Daniel Felz.

Filed Under: GDPR, Privacy, Regulation

About Daniel Felz

Daniel Felz is a senior associate with Alston & Bird’s Privacy & Data Security Group. Dan leverages his extensive international experience to advise clients on global privacy, cybersecurity, technology, and adversarial matters.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
  • Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
  • Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK
  • UK ICO Publishes New Data Sharing Code
  • SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy