OneTrust Schrems II Solutions

In July 2020, the Court of Justice of the European Union (CJEU) ruled on the Schrems II case, invalidating the EU-US Privacy Shield and changing the way organizations manage personal data transfers overnight. This decision required many organizations to evaluate alternative data transfer mechanisms to comply with personal data transfer requirements under the GDPR.

In June 2021, the European Data Protection Board (EDPB) adopted guidelines on “supplementary measures” to ensure compliance with the EU’s level of personal data protection when transferring personal data from the EU to a third country.

Get Started for Free Today

Get Free Access to Schrems II Vendor Assessment Templates and More

Get Started

How OneTrust Helps

OneTrust helps both data exporters and importers operationalize the EDPB’s guidelines with an enhanced set of tools, guidance, and templates. For data exporters, OneTrust’s Schrems II Solutions help carry out the EDPB’s six step roadmap, including pre-built templates to assess third countries, perform Transfer Impact Assessments (TIAs), and evaluate the effectiveness of supplementary measures. For data importers, OneTrust helps operationalize holistic privacy and security programs through the OneTrust privacy, security, and data governance platform, ensuring that the proper operational processes, technical controls, and compliance mechanisms have been implemented across the organization.

MAP TRANSFERS

Data Mapping | Vendor Risk Management

VERIFY TRANSFER TOOLS

Data Mapping | Vendor Risk Management

ASSESS EFFECTIVENESS

TIAs | Data Guidance

ADOPT MEASURES

Data Mapping | Vendor Risk Management

UPDATE CONTRACTS

Vendor Risk Management

MONITOR & RE-EVALUATE

Vendor Risk Management | Data Guidance

CREATE DOCUMENTATION

Policy & Notice Management

BUILD YOUR TRUST PROFILE

Host Key Documentation on the Exchange

TIA RESPONSE AUTOMATION

Respond & Share Documentation

OneTrust Schrems II Solutions for Data Exporters

Know Your Transfers

Centrally document and visualize all cross-border transfers, related data importers, and the third countries involved. Take a risk-based approach to prioritize transfers, like those relying on SCCs.

Assess Countries & Vendors

Assess third-countries, identify those without adequate protection, and send additional TIAs to vendors as necessary. Access vendor transparency reports, certifications, and pre-filled TIAs from the Exchange.

Mitigate & Adopt Measures

If the transfer tool is deemed ineffective, use pre-built templates based on the EDPB guidelines to determine the additional supplementary measures that can be adopted to mitigate risks. Track controls implemented and contract updates against the centralized vendor record.

Monitor & Re-Evaluate

Monitor third-country developments and evaluate new transfers to ensure that supplementary measures remain effective and data importers honor their commitments. Manage the full vendor lifecycle, including on-boarding and off-boarding.

OneTrust Schrems II Solutions for Data Importers

Create Documentation

Generate transparency reports, SCCs, and other privacy documentation with editable templates. Publish policies and notices directly to your website, and maintain changes over time.

Build Your Trust Profile

Centralize key documentation, such as transparency reports, SCCs, and certifications, and publish your profile to the Exchange, making it visible to 10,000+ OneTrust customers. Here you can securely share your Trust Profile and control access to documentation.

TIA Response Automation

Centralize all incoming TIAs and other assessment requests. Answer TIAs once and automatically answer new TIAs (or any questionnaire) by autocompleting answers using AI, NLP, and ML technology.

Want to Learn More? Request a 1:1 Demo

Request a Demo to Learn More About How OneTrust Helps Operationalize the Schrems II Decision

Request Demo