After a long, four-month wait, we finally have recommendations from the European Data Protection Board (EDPB) on “supplementary measures” in the context of international transfers of personal data – i.e. measures required to ensure that transfers to countries outside of the European Economic Area (EEA) are permitted under the GDPR.
These recommendations, a follow-up on the Schrems II judgment of the Court of Justice of the European Union, were published on 11 November and contain a roadmap of the steps that EU-based data exporters must take to assess whether supplementary measures are required for their intended data transfer(s) as well as concrete examples of such measures and conditions to be effective.
Read our analysis of the recommendations and find out which measures you could implement in your data transfer strategy.