Start operationalizing the recent Schrems II ruling with OneTrust GRC’s Schrems II Tools! We have launched free Vendor Risk Management tools and templates to support organizations as they work toward compliance with the Schrems II ruling. The tools help organizations re-evaluate vendors relying on Standard Contractual Clauses (SCCs) with pre-built assessment templates and manage any contract updates and vendor on and off-boarding that may occur as a result.
Register for the webinar: How to Operationalize Schrems II Impact on September 15 at 11:00 am EDT
The GDPR stipulates that when transferring personal data from the EU to a country that has not been recognized as having an adequate level of protection for personal data (third country), you must be able to demonstrate that the recipient country and company have a level of data protection that is equal to the GDPR, to ensure that the transfer is legal. The Court of Justice of the European Union (CJEU) reached a judgment on the Schrems II case in July 2020, invalidating and adding constraints to two key transfer mechanisms used for EU-US transfers: Privacy Shield and Standard Contractual Clauses (SCCs). Privacy Shield has been invalidated, so it can no longer be used as a legally recognized transfer mechanism for personal data being transferred to the US from the EU. SCCs are still considered valid but must now be used on a case-by-case basis.
The Schrems II ruling poses a new set of challenges, as organizations must now find alternative transfer mechanisms, but don’t worry, OneTrust GRC is here to help! With our new free Schrems II Vendor Risk Management tools, data controllers can:
- Identify data transfers and the mechanisms relied upon
- Assess vendors relying on SCCs with pre-built SCC and Schrems II validation templates
- Streamline the vendor assessment process with pre-completed assessments and vendor chasing services in the Vendorpedia Exchange
- Manage contract updates and vendor on-boarding and off-boarding
- Get instant alerts on new Schrems II guidance to maintain ongoing compliance
Additionally, processors—who will be on the receiving end of many of these questionnaires—can leverage OneTrust’s solutions to build a holistic data protection program, monitor guidance on the compensating controls that may be approved to provide GDPR equivalency, and help implement these controls once they are laid out.
OneTrust is committed to helping our customers navigate the “big job” ahead! These free Schrems II Vendor Risk Management tools will support our customers and prospects as they respond to the business impact following the invalidation of Privacy Shield.