Norway’s Datatilsynet issues detailed FAQ’s on #SchremsII:

Notable takeaways:

“[T]he additional measures…could potentially be…legal, technical or organizational measures. At present…there is great uncertainty about what kind of additional measures may be sufficient if the third country has laws that take precedence over…or otherwise lower the level of protection. This means that at present it is

  • The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place.
  • Identify if you have been relying on the EU-U.S. Privacy Shield for data transfers. Check the terms of service, contracts or privacy statements for all third parties you