On 11 November 2020, the European Data Protection Board (the “EDPB”) published for public consultation new Recommendations 01/2020 on the measures to be taken to supplement the personal data transfer tools organisations currently rely upon to ensure compliance with EU data protection laws when transferring personal data from Europe (the “Recommendations”).
The Recommendations describe the steps that businesses must now take to determine if they need to put in place supplementary measures to transfer personal data outside the European Economic Area (the “EEA”) in accordance with the General Data Protection Regulation 2016/679 (the “GDPR”). The Recommendations are particularly relevant for businesses who rely on the standard contractual clauses, binding corporate rules or other “appropriate safeguards” in Article 46(2) of the GDPR to transfer personal data outside the EEA to locations that the European Commission has not determined offer adequate data protection.