On 21 June 2021, the European Data Protection Board (EDPB) released the long-awaited updated Recommendations on possible supplementary measures when transferring personal data out of the European Economic Area (EEA). These Recommendations align with the new Standard Contractual Clauses for International Transfers that were released by the European Commission on 4 June 2021 and require organisations to conduct third country risk assessments before transferring personal data.
In this episode, Paul Breitbarth and K Royal discuss the details of the new European guidance, but also comment on how to do all this work in practice. Is it for example reasonable to expect such detailed assessments from companies? Is the risk-based approach really back? And how does all of this guidance relate to the whole debate about the scope of application of the GDPR. The lawyers in Paul certainly don’t seem to agree on the interpretation of the GDPR. This episode can be heard on our website or streamed below.