Key Takeaways:

• Brief Facts of the Case
• Scope of the GDPR
• Invalidation of the Privacy Shield
• Validation of Controller-to-Processor SCCs
• SCCs and Transfer Impact Assessments
• Responsibilities of SAs in the Context of Data Transfers
• Primacy of Adequacy Decisions
• Commentary from The Cyber Solicitor