Monday 21 September, 11am-12noon (BST)

On 16 July, Europe’s highest court handed down its judgment on Data Protection Commissioner vs Facebook Ireland Limited, Maximillian Schrems, commonly known as Schrems II. The court’s decision torpedoed one of the two most popular legal frameworks to allow transfers of personal data from Europe and the UK to the US, known as Privacy Shield, and has left the other on life support. Not content with this victory, Max Schrems recently issued 101 complaints against companies across multiple different sectors which use Google Analytics and/ or Facebook Connect to collect and send personal data to the US, promising further legal action to increase pressure on companies to comply with the ruling.

The decision isn’t just a problem for transfers to the US; it also casts doubt on transfers to any third country where the laws of that country do not provide effective legal remedies for individuals.

The world hasn’t stopped turning. International transfers are continuing. But what has undoubtedly changed is the inherent compliance risk for companies exporting personal data from the UK and Europe to third countries. Regulators have the power to suspend or terminate transfers which breach GDPR and can impose revenue-based fines.

In this session, Ross will discuss how organisations should go about assessing compliance risk in transfers, what additional safeguards might entail and the evolving regulatory guidance and market practice. Ross will also be taking questions.

Facilitated by

Martin Smith MBE (info), Chairman & Founder, The SASIG

Presented by

Ross McKean (info), Partner and Chair of the UK Data Protection and Cyber Practice, DLA Piper