Next Steps for EU companies & FAQs
Content
Your browser does not support the video tag. We are fully aware that many controllers are overwhelmed with the recent judgment by the CJEU on EU-US data transfers and the lack of a grace period. We have summarized the most common questions and answers below. We also provide two model request texts that you can send to any US partner or any EU partner with US ties. Taking swift action may be a relevant factor should a DPA consider fines for non-compliance with the CJEU's ruling. We will update these FAQs and publish specific FAQs and model texts for users ("data subjects") in the coming days. Let us know if you have any feedback. Steps that EU controllers should take In accordance with the EDPB FAQs on the "Schrems II" judgment, our preliminary recommendation is that controllers take the following steps: Review all your external data flows (including to EU processors or controllers that in turn may transfer data to a non-EU entity) for data flows to third countries Identify the relevant