Unless you are exclusively devoting this lockdown to following webinars on the Schrems II decision (there is an impressive offering out there), you may have missed a couple of interesting developments in the area of data protection:
- the European Data Protection Board adopted recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, which can be found here. In short, the EDPB sets forth a to-do-list for data controllers exporting data composed of 6 steps:
- 1. map your transfers outside the EU;
- 2. verify the transfer tool you are using;
- 3. assess the law or practice of the country of destination (refer to the EDPB European Essential Guarantees recommendation);
- 4. identify and adopt supplementary measures;
- 5. take any formal step to introduce any supplementary measures; and
- 6. re-evaluate periodically.