The Schrems II decision affected a large number of companies transferring personal data to the United States from the European Union. Schrems II invalidated the Privacy Shield Framework and provided additional guidance to using Standard Contractual Clauses (SCCs) for transfers. Companies using the Privacy Shield Framework and SCCs must adapt to this change to avoid fines under the General Data Protection Regulation.

The panelists will discuss:

• Background of the Schrems II case;
• Data Protection Authority guidance on the decision and how companies should respond to this change;
• US Department of Commerce guidance on the decision; and
• Fines issued so far to the companies that are still using the Privacy Shield Framework despite its invalidation.