Schrems II Solutions & Free Tools

Understand data transfer mechanisms and demonstrate privacy compliance

Free Shrems II vendor assessment templates and a complete suite of privacy compliance solutions

Schrems II Solutions, Judgement, and Impact

On July 16, 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield as a lawful mechanism to transfer personal data and determined that Standard Contractual Clauses (SCC) will require stricter considerations of the destination jurisdictions moving forward. The additional SCC-related obligations will also apply to binding corporate rules (BCRs) according to the European Data Protection Board. Businesses are now having to review their third-party vendors to ensure that their means of transferring data meet the heightened obligations for valid transfers from the EU to the U.S. and other jurisdictions.


Map Cross-Boarder Personal Data Transfers


Assess Vendors Relying on Privacy Shield or SCCs


Manage Contract Updates & Vendor Changes


Stay Informed on the Latest Compliance Updates

20200928 - SHREMS ii Data Transfers

Track Cross-Border Personal Data Transfers Inside and Outside of Your Business

  • Deploy a fully containerized privacy solution to eliminate unnecessary data transfers
  • Track data processing activities by IT system, business unit, and geographic location
  • Categorize personal data throughout your systems and track custom data transfer attributes
  • Practice data minimization to eliminate unnecessary personal data
  • Identify information to consider anonymizing data to avoid the GDPR’s restrictions


20200928 - Vendor Assessments SHREMS

Assess Vendors Relying on Privacy Shield, SCCs, OR BCRs

  • Flag third- and fourth-party providers and data transfer formerly reliant on the Privacy Shield
  • Prioritize vendor evaluation based on processing activities and inherent risk
  • Leverage pre-built Schrems II assessment templates to assess vendors relying on Privacy Shield,SCCs, or BCRs
  • Access pre-completed assessments and 70,000+ vendor profiles through the Vendorpedia Exchange
  • Leverage assessments-as-a-service to follow up and complete vendor assessments on your behalf
20200928 - Risk History - SHREMS

Track Vendor Updates for Lawful Personal Data Transfer Mechanisms

  • Review and reaffirm ongoing vendor practices with automated assessment technology
  • Evaluate terms under existing contracts, vendor privacy notices, trust pages, and support portals
  • Terminate or update contracts that do not have lawful transfer mechanisms in place


20200928 - DG - SHREMS II

Stay Informed On The Latest Updates With OneTrust DataGuidance™

  • Receive same-day summaries and guidance on the latest judgments and regulatory updates
  • Access our Schrems II portal with the latest news, opinions, and FAQs
  • Leverage data transfer comparison charts to compare adequacy and equivalency of third countries

Leverage OneTrust DataGuidance to get the latest insights on the Schrems II Ruling and Related Updates.

OneTrust DataGuidance is the most extensive and up-to-date source for privacy, security, and third party risk research. Review or navigate directly to Schrems II literature and documentation. Leverage insights and summary guidance published by a contributor network of over 500 lawyers, and 40 in-house legal researchers.

Onetrust All Rights Reserved