Companies of all sizes and in all industries rely on the ability to send data across international borders. In light of the July 16, 2020, decision by the Court of Justice of the European Union (“CJEU”) in Schrems II, companies are considering appropriate measures to provide additional safeguards for data they transfer outside of the EU pursuant to Standard Contractual Clauses (“SCCs”).

BSA | The Software Alliance has identified seven principles to guide companies adopting additional safeguards for EU data transfers. These principles focus on legal, technical, and organizational measures that companies can adopt to safeguard data in connection with government requests, such as requests from law enforcement or national security authorities. These principles are intended to help organizations develop specific safeguards that can supplement SCCs, and to provide a level of protection in addition to the measures already embodied in Commission-approved SCCs.