The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|
Other Transfers from EEA Controller Controller A (EEA)→Employee of Controller A (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|
Transfers from a US Controller to EEA processors (Renvois) Controller (US) →Processor (Non-EEA)→Sub-processor (EEA)→Controller (US)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|
Do people always have the right to withdraw consent?
Modern privacy laws contain different definitions for the term “consent,” and different standards for when consent will, and will not, be effective.
In Europe, the right of an individual to withdraw consent for the processing of their personal data has become near axiomatic and is often referred to by Member State supervisory authorities. The right
What information must be included in a TIA?
The impetus to conduct a Data Transfer Impact Assessment (TIA) comes from three legal authorities: (1) the European Court of Justice’s recommendation in Schrems II that the parties to a transfer verify on a case-by-case basis whether the “law of the third country of destination ensures adequate protection . . . of personal data transferred
Cross-Border Transfer Master Class: Controller (EEA)→ Controller (EEA)→ Branch Office (US)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
 |
|
What factors should be considered when assessing the sufficiency of U.S. laws as part of a cross-border transfer of personal information?
When transferring personal information from the European Union to the United States, the European Data Protection Board has recommended that companies undergo a six-step process through which they (1) know the data being transferred, (2) identify the transfer tool that will be relied upon, (3) assess whether the destination country (i.e., the United States) will
The Next Generation of Cross Border Transfers: How the New Standard Contractual Clauses Will Change Contracting
GT’s Carsten Kociok, Gretchen A. Ramos, and David A. Zetoony will present the webinar “The Next Generation of Cross Border Transfers: How the New Standard Contractual Clauses Will Change Contracting” on Tuesday, June 22 from 1:00 – 2:00 p.m. EST. Almost every company that transfers personal information out of Europe has relied upon
EU Decision on Cross-Border SCC of June 4, 2021
On 04 June 2021, the EU Commission adopted two new sets of standard contractual clauses (SCC): one set for the transfer of personal data from the EU to third countries (Cross-Border SCC) and another set addressing certain clauses in controller-processor data processing agreements (DPA-SCC). The adoption was made some seven months after initial drafts
Is an outsourced call center a processor or controller under the GDPR?
A controller refers to the entity that determines the “purpose and means” of how personal data will be processed. Determining the “purpose” of processing refers to deciding why information will be processed. Determining the “means” of processing refers to deciding how information will be processed.1 That does not necessarily mean, however, that a controller