by Jim Ewing, Morae

The recent Schrems II decision, invalidating Privacy Shield as a mechanism for the transfer of personal data between the EU and US, has created a very sudden, and for some companies, very burdensome challenge, particularly with no grace period provided for remediation. Although the timing of sudden compliance developments is never ideal, especially for companies already stretched thin with the global pandemic, this ruling and its impact cannot be ignored.

Morae can help. Our deep skills and experience in contract management and with data privacy and global compliance makes us uniquely qualified to support companies through their Schrems II remediation. We offer a holistic set of tools and resources to enable swift and cost-effective action which allows companies to continue to focus on their business while taking comfort that this significant risk exposure is being addressed. This includes leveraging our expert knowledge of artificial intelligence and in both large- and small-scale contract remediation to quickly identify contracts that rely upon Privacy Shield. 

We can then deploy a technology-driven process to efficiently undertake repapering and facilitate the use of Standard Contract Clauses with your third parties.  In addition, we can provide resources with subject matter expertise to review the completed standard clauses to ensure that they are fit for purpose.

In light of the Schrems II decision, we expect regulators will move to begin more closely examining international data transfers.  With this in mind, our experts can help you design a business as usual strategy for your commercial operations and ongoing privacy due diligence to ensure you are able to demonstrate compliance if and when required by regulators.