The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
|
Visual |
Summary |
 |
|
Transfers from EEA Controller to non-EEA Processor: Controller A (EEA) → Processor Z-1 (US), Processor Z-2 (Non-EEA), Processor Z-3 (Non-EEA), etc.
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
| Visual | Summary |
| Overview of situation. Company A in the EEA retains Company Z-1 in the US to process personal data. Company Z-1 intends to | |
Transfers from EEA Controller to non-EEA Processor: Controller A (EEA) → Processor Z (non-EEA) → Processor X (Non-EEA) → Controller A (EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
| Visual | Summary |
 |
|
Gretchen Ramos Quoted in Cybersecurity Law Report Article on Cross-Border Data Transfers Under Schrems II
Gretchen A. Ramos is quoted in a Cybersecurity Law Report article titled “Navigating Post-Schrems II International Data Transfer Waters: Challenges and TIAs.” The article discusses the challenges companies may face as they complete transfer impact assessments (TIAs) and update their standard contractual clauses (SCCs).
Click here to read the full article. (subscription required)
Transfers from EEA Controller to non-EEA Processor: Controller A (EEA)→Processor Z (US) →Processor X (US) →Controller A (EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses, approved by the European Commission in June 2021.
| Visual | Summary |
 |
|
Controller (EEA)→ Controller (US)→ Controller (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
|
Visual |
Implications |
 |
|
EU Commission Confirms Adequate Level of Data Protection in South Korea
With its adoption of an adequacy decision pursuant to Art. 45 General Data Protection Regulation (GDPR) for the Republic of Korea on Dec. 17, 2021, the European Commission has declared that the country provides an adequate data protection level comparable with GDPR standards.
Cross-Border Transfer Master Class: Controller (EEA)→ Controller (EEA)→ Branch Office (US)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
 |
|
Cross-Border Transfer Master Class: Transfers from EEA Controller to non-EEA Controller: Controller (EEA) → Controller (U.S.) → Processor (U.S.)
| Visual | Implications |
 |
|
Cross Border Transfer Master Class: Onward transfers from a US controller to a processor that is outside of the US and the EEA
Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)