How does the Schrems II ruling affect your organisation?

GDPR (General Data Protection Regulation) compliance got even more complicated this summer, as the CJEU (European Court of Justice) invalidated the EU–US Privacy Shield.

Organisations that had relied on the framework for transatlantic data transfers have been scrambling for a solution – with even some multinationals unsure how to proceed.

If you’re among those trying to understand how the ruling affects your data transfer process, IT Governance Publishing can help.

We’ve released new editions of two of our GDPR guides to account for the Schrems II ruling.

EU General Data Protection Regulation (GDPR) – An implementation and compliance guide and Alan Calder’s EU GDPR – An international guide to compliance provide comprehensive explanations of the ruling and how it affects your GDPR practices.

What do the books cover?

Both guides explain the context and reason for the CJEU’s decision.

This includes why the Austrian privacy activist Max Schrems raised his complaint and why organisations that fail to adapt their processes are violating the GDPR.

The books also explain how SCCs (standard contractual clauses) can be used as an alternative to the Privacy Shield.


EU General Data Protection Regulation (GDPR) – An implementation and compliance guide provides a comprehensive guide to compliance.

It covers topics such as DPO (data protection officer) requirements, including which organisations need a DPO and what they do, as well as when organisations must conduct DPIAs (data protection impact assessments).

It also contains an index of the GDPR and an implementation FAQ, as well as guidance on how to create data protection processes that are in line with best practices.


EU GDPR – An international guide to compliance is a more streamlined resource and is ideal for those trying to understand the essentials of compliance.

It explains the terms and definitions used in the GDPR, the circumstances under which organisations may receive fines and how to meet your compliance requirements.

This includes guidance on the technologies and documentation you can use to protect the personal data that you store.