Photo of Andrea C. Maciejewski

Andrea C. Maciejewski

Subscribe to Andrea C. Maciejewski's Posts

Andrea C. Maciejewski designs and implements privacy and security programs for clients of all sizes – from Fortune 500s to start ups – and in all sectors, including digital entertainment, marketing, online education, retail, and consumer goods. Andrea helps companies navigate the intricacies of multi-jurisdictional compliance programs as well as compliance with sector-specific data privacy and security laws.

Follow: Read more about Andrea C. MaciejewskiAndrea's Linkedin Profile

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
  • Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

On July 8, 2022, the California Privacy Protection Agency (“CPPA”) released proposed regulations to implement the California Privacy Rights Act (“CPRA”). The new proposals would dramatically change the existing regulations that apply to organizations that do business in California.

Click here to read the full article, published by the Washington Legal Foundation Aug. 19, 2022.

Controller A (Non-EEA) → Processor Z (Non-EEA) → Sub-processor Y (EEA) → Controller A (Non-EEA) (same country)

Visual Description and Implications
  • Transfer 1: No mechanism needed.  Company A is not required under the GDPR to put safeguards in place to transfer information to a processor that is also located in Country Q.
  • Transfer 2: No

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
  • The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”[1] and, as a result,

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Transfers from a European Data Subject: Data Subject→Controller (US)→Processor (US)
  • The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”1 and, as a result,

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Transfers from a European Data Subject: Data Subject→Controller (US)→Controller (non-EEA)
  • The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”1 and, as a result,

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Transfers from a European Data Subject: Data Subject→Controller (US)→Controller (US)
  • The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”[1] and, as a result,

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Transfers from a European Data Subject - Data Subject→Controller (US)
  • The EDPB has taken the position that a data subject “cannot be considered a controller or processor.”1 As a result, the

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Other Transfers from EEA Controller - Controller A (EEA)→Employee of Controller A (non-EEA)
  • Background. Company A is a European legal entity that does not have a legal presence in Country Q.  Company A has