“Schrems II” – Template for risk assessment and planning “Standard Contractual Clauses Plus”

In our ePrivacyNews 08/2020, we had already reported in detail on the use of standard contract clauses (SCC) in connection with the “Schrems II” court decision.  We had also pointed out recommendations for action that responsible persons must take into account in order to identify and evaluate international data transfer within the company and to place it on a secure basis, both legally and actually.
If you have decided in the meantime to continue data transfer to the USA (or China) on the basis of standard contractual clauses, you should – as stipulated by the regulatory authorities – assess the risk for the users concerned and document the necessary additional technical and organizational measures (“Standard Contractual Clauses Plus”).
Together with our partner UNVERZAGT Rechtsanwälte, we have developed a standard template that can be used to assess and plan risks:
Thus, in a first step, the risk assessment is carried out, in a second step protective measures are selected and finally in step three a risk assessment is carried out on the basis of these protective measures.
We will be happy to support you if you need further advice on this topic. Our data protection experts accompany this process and are available to answer your questions at any time.