European Union: Final version Recommendations on Supplementary Measures including data governance regulation

The second and final version of the Recommendations on Supplementary Measures is adopted by the European Data Protection Board, providing exporters of data (controllers or processors) with a series of steps to follow, potential sources of information, and some examples of supplementary measures that could be put in place in order to be compliant with the EU level of protection of personal data following the Schrems II Case. The second version emphasises the relevance of third country public authorities, importers and third country legislation for exporters' assessment of the level of data protection.