Information Commissioner's Office
Updated ICO statement on recommendations published by the European Data Protection Board following the Schrems II case
Statement by an ICO spokesperson on recommendations published by the European Data Protection Board following the Schrems II case
“We are reviewing the two recommendations published by the European Data Protection Board (EDPB) following the CJEU Schrems II ruling in July. The judgment confirmed how EU standards of data protection must travel with personal data when it goes overseas.
“The first recommendation updates the European Essential Guarantee for surveillance measures.
“The second has been published for public consultation and looks at the extra measures organisations may take to support the international transfer of data to meet EU standards, and is out for public consultation.
“This recommendation follows previous EDPB guidance stating that organisations must conduct a risk assessment as to whether a transfer tool, such as Standard Contractual Clauses (SCCs), provides enough protection within the legal framework of the destination country. If not, organisations must put extra measures in place to mitigate the risks.
“The Schrems II judgment said that supervisory authorities have an important role to play in the oversight of international transfers. As part of this role we are reviewing the recommendations and will consider whether we need to publish our own guidance in due course.
“We are also reviewing the European Commission’s new GDPR SCCs currently under consultation.
“We reiterate our advice that organisations should take stock of the international transfers they make, and update their practices as guidance and advice become available.
“We continue to apply a risk-based and proportionate approach to our oversight of international transfers in accordance with our Regulatory Action Policy.”
Latest News from
Information Commissioner's Office
Marketing boss banned after thousands of nuisance calls26/11/2020 15:38:00
Marketing company director who made over 75,500 unsolicited marketing calls banned by the Insolvency Service for six years.
ICO fines Ticketmaster UK Limited £1.25million for failing to protect customers’ payment details13/11/2020 14:25:00
The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure.
Blog: Access to information: driving change through education, engagement and enforcement13/11/2020 09:10:00
A blog for police forces, public authorities and data protection practitioners (12 November 2020).
Open Data Institute’s 2020 virtual summit12/11/2020 15:48:00
Elizabeth Denham spoke at the Open Data Institute’s 2020 virtual summit. She spoke about the role of trust in innovation, where data ethics and social equality overlap, and the hope that 2021 might be a year of opportunity.
UK political parties must improve data protection practices12/11/2020 09:10:00
The Information Commissioner’s Office (ICO) has set out how seven of the UK’s political parties need to improve the way they handle people’s personal data after assessing how they manage data protection.
Blog: ICO regulatory sandbox06/11/2020 09:10:00
Sandbox helps develop innovative tools to combat financial crime.
ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure02/11/2020 09:10:00
The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.
Greater Manchester claims management company fined £250,000 for making millions of nuisance calls30/10/2020 12:25:00
The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law.