In July 2020, the Court of Justice of the European Union (CJEU) ruled on the Schrems II case, invalidating the EU-US Privacy Shield and changing the way organizations manage personal data transfers overnight. This decision required many organizations to evaluate alternative data transfer mechanisms to comply with personal data transfer requirements under the GDPR.
In June 2021, the European Data Protection Board (EDPB) adopted guidelines on “supplementary measures” to ensure compliance with the EU’s level of personal data protection when transferring personal data from the EU to a third country.