European Union: Adopted Recommendations on Supplementary Measures explaining data protection measures for data exporters

The first version of the Recommendations on Supplementary Measures are adopted by the European Data Protection Board for consultation. Following the Schrems II Case, they aim to provide exporters of data (controllers or processors) with a series of steps to follow, potential sources of information, and some examples of supplementary measures that could be put in place in order to be compliant with the EU level of protection of personal data. It is recommended that appropriate supplementary measures are identified and implemented to ensure a substantially equivalent level of protection for data transferred to third countries.