Since Schrems II, European businesses relying on the transferring of personal data beyond the EEA have been facing severe uncertainty. In this context, the international data protection community has highly anticipated further guidelines from the competent authorities to enable both controllers and processors to better navigate the post-ECJEU ruling landscape.
Against this background and following a public consultation – to which the EU Cloud CoC, SCOPE Europe and SRIW have jointly submitted their contribution –, the EDPB has drafted its final “Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data”.
The document lays down a roadmap to facilitate the effective application of GDPR’s principle of accountability. In that regard, the EDPB specifies the steps data exporters must take to identify and implement potential supplementary measures whenever GDPR-equivalent levels of protection are not in place in the recipient country.
SCOPE Europe firmly believes that codes of conduct – as one of the transferring mechanisms under Article 46 GDPR – have the potential to significantly contribute to the current scenario. In light of this, a designated taskforce under the EU Cloud CoC General Assembly has been working on the development of an effective and yet accessible safeguard for third country transfers in the format of an on-top module to the Code.
Given the recent approval of the EU Cloud CoC and accreditation of SCOPE Europe as its dedicated monitoring body, this initiative is uniquely positioned to put forward an efficient tool capable of boosting cloud adoption throughout Europe and therefore considerably accelerate its digital transition.
Our expert group in charge of developing the Third Country Module strongly welcomes the EDPB’s recommendations and looks forward to having a continuous dialogue with the national and European supervisory authorities in order to achieve workable solutions to enable international transferring while guaranteeing the proper enforcement of GDPR.
Read the full EDPB recommendation here.
To know more about the EU Cloud CoC Third Country Module, please refer to our dedicated webpage.