In the wake of CPW’s must-read four part series on the European Data Protection Board’s (“EDPB”)  draft “Guidelines 07/2020 on the concepts of controller and processor in the GDPR,” we have a follow up on important documents that have recently been released relating to rules governing the transfer of EU personal data.  These materials were published by the EDPB and the EU Commission.

In the aftermath of the landmark decision by the Court of Justice of the European Union (CJEU) on international data transfers (with potential significant impact on U.S. companies) – the so-called Schrems II judgment  – organizations have been awaiting additional guidance from EU authorities on measures that must be implemented to transfer personal data to third countries without being in breach of  the Regulation (EU) 2016/679, i.e. the General European Data Protection Regulation (GDPR).  A comprehensive overview of this must-read guidance is here.