cross-border transfers

CNIL, the Commission Nationale de l’Informatique et des Libertés, which is France’s Data Protection Authority, publishes framework to deal with post-Schrems II cross border transfers following the European Data Protection Board’s final guidelines on supplemental transfer measures:

Step 1
  • Inventory your transfers (involve: DPO, information systems department, purchasing department, operational managers of services, digital service

The Canadian Office of the Privacy Commissioner has issued a “consultation on cross border transfers,” detailing its policy and seeking comments from stakeholders.

Key points on which consultation is sought:

  • Individuals would reasonably expect to be notified if their information was to be disclosed outside of Canada and be subject to the legal regime of