Green paper | Schrems II and the EU–US Privacy Shield – Understanding the impact on UK organisations

Schrems II and the EU-US Privacy Shield

The Schrems II ruling in July 2020 had a significant impact on transfers of EU personal data to the US and other third countries. Organisations that make such transfers should review them to ensure that they are still lawful, and to implement any changes necessary to remain compliant.

Read this paper to discover:

  • What the Schrems II ruling is, and how it affects international transfers of personal data under the GDPR (General Data Protection Regulation);
  • The impact of the ruling on UK organisations;
  • How to evaluate data transfers to ensure compliance with the GDPR; and
  • Practical alternatives for affected transfers.

Green paper | Third-Party GDPR Audits – Conducting due diligence

Privacy by Design – Step by step

Securing the data supply chain can be a challenge. Under the GDPR, data controllers are liable not just for their own compliance, but also for that of third-party processors.

Contracts and questionnaires, while useful components of any due diligence process, are necessarily limited. Auditing third-party processors is the most effective way to ensure ongoing compliance.

Download this paper to:

  • Find out why contracts and questionnaires offer limited assurance only;
  • Understand the auditing process; and
  • Learn what to look for in a third-party audit provider.

Green paper | Privacy by Design – Step by step

Privacy by Design – Step by step

This paper discusses: 

  • What privacy by design is; 
  • The seven foundational principles of privacy by design; and 
  • An eight-step approach to implementing privacy by design. 

Webinar | Brexit and Schrems: practical implications for UK-EU data transfers


  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • John Potts, Head of DPO DSAR and Breach Support, GRCI Law Limited

This webinar was recorded before the UK was awarded an adequacy decision by the EU, allowing data to flow freely from the EU to the UK.

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe.

Join our experts on this webinar to learn about the practical implications for UK–EU data transfers in the light of Schrems II and Brexit that your organisation must consider.

Read more

Webinar | EU-US data transfers: the Practical Implications of Schrems II


  • Camilla Winlo, Director of Consulting Services, DQM GRC
  • Preston Bukaty, GDPR Consultant, IT Governance USA

In the wake of complaints from the Austrian privacy activist Max Schrems, who argued that the US government’s mass surveillance practices contradict the protections that the EU–US Privacy Shield was supposed to provide for organisations that make transatlantic personal data transfers, the ECJ (European Court of Justice) ruled that the Privacy Shield is no longer valid.

It also ruled that EU SCCs (standard contractual clauses), also known as model clauses, are valid in principle but not always in practice, depending on the circumstances of those data transfers. This also causes problems for EU-based organisations that intend to transfer personal data to and from the US.

Read more