EU

The Complete Handbook for Cross Border Transfers of Personal Information Utilizing the New European Standard Contractual Clauses

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on December 8, 2022

Posted in Data, Data collection, Data Privacy Law, EEA, EU E-Privacy Directive, European Data Protection Board, European Union, Featured, GDPR, Germany, Personal information, SCC

All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from…

Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)

By David A. Zetoony & Andrea C. Maciejewski on September 12, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, GDPR, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

…

Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)

By David A. Zetoony & Andrea C. Maciejewski on September 9, 2022

Posted in Data Privacy & Cybersecurity, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

…

Transfers from a US Controller to EEA processors (Renvois): Controller (US) → Processor (US) → Sub-processor (EEA) → Processor (US)

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on March 4, 2022

Posted in Data, Data collection, Data Privacy & Cybersecurity, EEA, European Union, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.

Visual	Summary
	Cross border transfers in the United States don’t need a SCC. Company A is not required under U.S. law or the GDPR to

…

Transfers from EEA Controller to non-EEA Processor: Controller A (EEA) → Processor Z-1 (US), Processor Z-2 (Non-EEA), Processor Z-3 (Non-EEA), etc.

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on March 2, 2022

Posted in Data, Data collection, Data Privacy & Cybersecurity, EEA, European Union, SCC

Visual	Summary
Overview of situation. Company A in the EEA retains Company Z-1 in the US to process personal data. Company Z-1 intends to

…

Transfers from EEA Controller to non-EEA Processor: Controller A (EEA) → Processor Z (non-EEA) → Processor X (Non-EEA) → Controller A (EEA)

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on February 28, 2022

Posted in Data, Data collection, Data Privacy & Cybersecurity, EEA, European Union, Online tracking, SCC

Visual	Summary
	1st Transfer: SCC Module 2. Initial cross-border transfer from EEA to Country Q utilizes the SCC Module 2 designed for transfers from

…

Gretchen Ramos Quoted in Cybersecurity Law Report Article on Cross-Border Data Transfers Under Schrems II

By Greenberg Traurig, LLP on February 25, 2022

Posted in Data, Data Privacy & Cybersecurity, Data Privacy Law, European Union, Featured

Gretchen A. Ramos is quoted in a Cybersecurity Law Report article titled “Navigating Post-Schrems II International Data Transfer Waters: Challenges and TIAs.” The article discusses the challenges companies may face as they complete transfer impact assessments (TIAs) and update their standard contractual clauses (SCCs).

Click here to read the full article. (subscription required)

Transfers from EEA Controller to non-EEA Processor: Controller A (EEA)→Processor Z (US) →Processor X (US) →Controller A (EEA)

By Greenberg Traurig, LLP, David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on February 24, 2022

Posted in Data collection, EEA, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses, approved by the European Commission in June 2021.

Visual	Summary
	1st Transfer: SCC Module 2. Initial cross-border transfer from EEA to United States utilizes the SCC Module 2 designed for transfers from

…

Controller (EEA)→ Controller (US)→ Controller (non-EEA)

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on February 3, 2022

Posted in Data collection, Data Privacy & Cybersecurity, EEA, European Union, SCC

Visual	Implications
	Initial cross-border transfer from the EEA to the US utilizes the SCC Module 1 designed for transfers from a controller to another non-EEA

…

EU Commission Confirms Adequate Level of Data Protection in South Korea

By Dr. Viola Bensinger, Carsten A. Kociok & Ricarda Seifert on January 26, 2022

Posted in Data collection, EEA, European Union, Featured, GDPR, GT Alert, South Korea

With its adoption of an adequacy decision pursuant to Art. 45 General Data Protection Regulation (GDPR) for the Republic of Korea on Dec. 17, 2021, the European Commission has declared that the country provides an adequate data protection level comparable with GDPR standards.

Click here to read the full GT Alert.

Data Privacy Dish

EU