Thu, Sep 17, 2020

Alan Brill and Yvette Gabrielian Highlight 8 Questions to Ask Following Schrems II Decision

The Court of Justice for the EU issued a ruling that invalidates the primary data transfer agreement between the EU and the U.S. The ruling will have immediate and complex implications for data sharing between the EU and U.S. as the Privacy Shield can no longer be used by organizations to transfer personal data across the Atlantic. 

Alan Brill, Senior Managing Director, and Yvette Gabrielian, Senior Director, in the Cyber Risk practice of Kroll, a division of Duff & Phelps, articulate how companies that relied on the Privacy Shield can move forward and remain compliant with EU law in a Law360 article. They highlight that until a new U.S.- EU agreement is reached, organizations must also utilize the Standard Contractual Clauses (SCCs) to comply with the EU law or face sanctions. Alan and Yvette additionally share best practices as part of a series of eight practical questions to help professionals assess and shape their ongoing business processes to fit this latest ruling.

Subscribers of Law360 can access the full article here.


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Data Protection Officer (DPO) Consultancy Services

Kroll's data privacy team provide DPO consultancy services to help you become and stay compliant with regulatory mandates.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

Managed Security Services

World-renowned cyber investigators and leading technology fuel Kroll’s managed security services, augmenting security operations centres and incident response capabilities.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.