The German data protection authority of the federal state of Baden-Württemberg (LfDI BW) has issued detailed guidance (Guidance) on international data transfers this August and September. This is the first official guidance by a data protection authority following the decision of the Court of Justice of the European Union (CJEU) in the Schrems II case (C-311/18, Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems) that contains some solid guidance and suggestions for next steps.
Summary of the Guidance: (i) Checklist plus (ii) action items
The LfDI BW iterates that international data transfers shall be subject to an adequacy assessment and, where necessary, additional safeguards must be implemented that supplement the transfer mechanism relied upon. For this assessment, the LfDI BW proposes a checklist and specific action items for the amendment of the SCCs and potentially other data transfers mechanisms.
Continue Reading First official guidance on international data transfers post Schrems II – German data protection authority publishes checklist and action items on international data transfers