After a long, four-month wait, we finally have recommendations from the European Data Protection Board (EDPB) on “supplementary measures” in the context of international transfers of personal data – i.e. measures required to ensure that transfers to countries outside of the European Economic Area (EEA) are permitted under the GDPR.

These recommendations, a follow-up on the Schrems II judgment of the Court of Justice of the European Union, were published on 11 November and contain a roadmap of the steps that EU-based data exporters must take to assess whether supplementary measures are required for their intended data transfer(s) as well as concrete examples of such measures and conditions to be effective.

Read our analysis of the recommendations and find out which measures you could implement in your data transfer strategy. 

Related articles

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.