Published on 4 June 2021, this ruling follows the decision taken by the Court of Justice of the European Union (CJEU), in 2020, to reassess how companies transfer their data outside EU and EEA countries . It is based on pre-approved contractual clauses, which have been re-evaluated taking into account the General Data Protection Regulation (GDPR). All interested organizations will now have to analyze each data transfer to a country outside the EU accordingly.
As this new directive gets closer to going into effect, this is how business leaders should approach this transition
Schrems II has forced organizations to review their approach to international data transfers. Leaders should see these changes as an opportunity to reevaluate their business processes and anticipate contractual compliance. The final guidance from the European Data Protection Board (EDPB) provides a clear roadmap, to ensure that transfers of personal data are lawful, meet the accountability principle of the GDPR and introduce the required operational or business changes.
Businesses must, however, follow two key steps to avoid any complications. The first is to establish the conditions for the implementation of this new regulation. This requires a comprehensive training and communication plan to ensure that new processes are clearly understood, applied and fully integrated into day-to-day operations, including assessing the impact of transfers and navigating cross-border data flows.
The second step is to rectify existing contracts. Most businesses will likely have a number of contracts to update to incorporate the changes made by these standard contractual clauses, and doing it manually would be both inefficient and time-consuming. Not to mention, identifying and locating the hundreds of contracts that need updating would be a challenge in itself. The teams must be able to carry out a detailed analysis of the content of the contracts and to extract the relevant information from them at a rapid pace, ensuring all documents remain fully compliant, leaving little room for error.
Ideally, companies should optimize the efficiency of each activity throughout the lifecycle of contracts and documents, but also ensure that they minimize risk during this period. Digital tools, such as contract lifecycle management solutions, can help with this and increase the value of future documents through standardized processes, predefined templates and increased automation. Artificial intelligence (AI) can even help isolate unstructured data in trade agreements, for a team member to review and validate its accuracy.