Deloitte: Update GDPR on Schrems II

Deloitte: Update GDPR on Schrems II

Date                                       12 May 2021

Time                                       17:00–19:00 CET

Venue                                    Online

Price                                       €40

Registration link       


Webinar description

GDPR was adopted to serve two main purposes: facilitating the free flow of personal data within the EU and protecting such personal data. In July 2020, the Court of Justice of the European Union (CJEU) made a judgement referred to as C-311/18, which is known as ‘Schrems II’. Such judgement had serious implications to the flow of data, especially outside the EEA. The privacy shield that used to apply when data was transferred between the EU and USA could no longer be applied. Furthermore, certain expectations in relation to the Standard Contractual Clauses when data is flowing outside the EEA were clarified by CJEU, and further on by the European Data Protection Board.


This session will cover discussions on the matter after seeking to understand the actual judgement of Schrems II and such implications it brings with it. The course will also discuss security measures when transferring data outside of the EEA and within the EEA. The course will discuss measures such as pseudonymisation, encryption and anonymisation and how these are effective in protecting personal data.


Webinar topics

  • An introduction to GDPR
  • The principles of GDPR
  • Overview of the Rights of Data Subjects under GDPR
  • Review of the Schrems II judgement
  • Recommendations by the European Data Protection Board on measures that supplement transfer tools
  • Main misconceptions in relation to Schrems II
  • Standard Contractual Clauses and their effectiveness after Schrems II
  • The use of pseudonymisation and how this can be used to protect data after being transferred outside the EEU following Schrems II
  • Adequacy decisions by the EC and their impact on transferring data outside the EEA
  • The use of derogations when transferring data outside the EEA


Learning objectives

At the end of this seminar participants should be able to:


  • Have a good understanding of the basics of GDPR
  • Have a good understanding of the Schrems II judgement and how it impacts your data processing methodologies
  • Understand your obligations when transferring personal data outside the EEA
  • Provides you with better knowledge on how to protect personal data especially during transit and when being processed outside the EEA


Target audience

The course is ideal for parties controlling or processing data, especially those which transfer data outside the EEA as part of the day-to-day business. The course is also ideal for Data Protection Officers wishing to enhance their knowledge in this area.


Trainer name

Mr John Mark Caruana


Trainer bio and experience

John has over 10 years of experience within the financial services industry in data protection, compliance, MLRO, Directorships of collective investment schemes, FX trading, Hedging, and investment advice. He graduated with Honours in Banking & Finance in 2008 and achieved a Master of Science in Banking & Finance in 2015 where he was awarded an Honours Roll by the University of Malta and best dissertation award by the Malta Stock Exchange. In July 2018, John was the first Maltese resident to be awarded two qualifications in Data Privacy by the International Association of Privacy Professionals (IAPP) being the Certified Information Privacy Professional / Europe (CIPP/E) and Certified Information Privacy Manager (CIPM). John is a co-founder and Compliance Director of a local AML consultancy firm. He is a fellow member of the Malta Compliance Officers Association (MACO) and a member of the International Association of Privacy Professionals.

12th May 2021 17:00 - 12th May 2021 19:00