Teaming up with... AVIVA

Welcome to the UKGI weekly regulation update service for Aviva ABC brokers

We hope you find the Updates useful. If you are
interested in subscribing to our affordable
ABC compliance support package, please
email us at ABC@ukgigroup.com or
call UKGI on our dedicated ABC
contact line 01925 767893.

ICO issues statement on recommendations published by the European Data Protection Board

Link(s): https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/11/updated-ico-statement-on-recommendations-published-by-the-european-data-protection-board-following-the-schrems-ii-case/

Context

A representative of the ICO has issued a statement in respect of recommendations published by the European Data Protection Board following the Schrems II case. 

Key points to note

An ICO spokesperson has confirmed that:

  • The ICO’s review of the two recommendations published by the European Data Protection Board (EDPB) following the CJEU Schrems II ruling in July is ongoing. The ruling confirmed how EU standards of data protection must travel with personal data when it goes overseas.
  • The first recommendation updates the European Essential Guarantee for surveillance measures.
  • The second has been published for public consultation and looks at the extra measures organisations may take to support the international transfer of data to meet EU standards and is out for public consultation. This recommendation follows previous EDPB guidance stating that organisations must conduct a risk assessment as to whether a transfer tool, such as Standard Contractual Clauses (SCCs), provides enough protection within the legal framework of the destination country. If not, organisations must put extra measures in place to mitigate the risks.
  • The Schrems II judgment noted that supervisory authorities have an important role to play in the oversight of international transfers and, as part of its supervisory role, the ICO is reviewing these recommendations and will consider whether it needs to publish its own guidance in due course.
  • A review of the European Commission’s new GDPR SCCs, which are currently under consultation, is ongoing.
  • Organisations should take stock of the international transfers they make and update their practices as guidance and advice become available.
  • The ICO confirmed it will continue to apply a risk-based and proportionate approach to its oversight of international transfers in accordance with its Regulatory Action Policy.

Next actions

Firms should ensure that they conduct a review of data transfer activities to understand the parties involved, how the transfer is conducted and whether this transfer is international.