Practicalities of Compliance with EU International Transfer Rules following Schrems II


  • Alisa Vekeman


  • Nikolaos Theodorakis
  • Eduardo Ustaran
  • Ciara Staunton
  • Leonardo Cervera Navas

Organisation: CPDP

Room: Online 1

Timing: 11:45 - 13:00 on 27 January 2021

The Schrems II decision has engendered a considerable amount of commentary. Much of this commentary, however, has taken a political and/or academic perspective. There thus remains a great deal of unexplored space regarding how the decision has affected the practice of compliance with EU data protection law's international transfer requirements. There remains a lack of exploration, for example, as to how the decision has been interpreted in practice and as to how this interpretation has fed strategies for allowing continued international data flows. Despite the lack of extended consideration, the impact of jurisprudence in relation to international data flows will surely be extensively shaped by pragmatic approaches taken to compliance. In this regard, this panel will seek to explore this space and, in particular, will consider the following questions:

• To what degree has the Schrems II decision impacted the practicalities of compliance regarding international transfers of personal data?
• What, from a practical perspective, are the key issues the judgment has raised and how effective have efforts to remedy these issues been?
• Are there differences in how the decision has impacted compliance between sectors and between different jurisdictions - how has the decision impacted non-EU jurisdictions?
• What novel strategies are being developed/deployed to facilitate practical compliance following Schrems II?


Alisa Vekeman

DG Just (EU)

Alisa Vekeman is a member of the international data flows and protection unit of the European Commission. She is part of the teams responsible for EU - US data flows and the adequacy talks with South Korea. She also works on the modernisation of standard contractual clauses and the review of existing adequacy decisions. Prior to joining the European Commission, Alisa Vekeman worked for the EU Delegation to the Council of Europe, where she followed the negotiations on the modernised Council of Europe Convention 108. She holds degrees in law and human rights.


Nikolaos Theodorakis

Wilson Sonsini Goodrich & Rosati (BE)

Nikolaos Theodorakis is Of Counsel in the Brussels office of Wilson Sonsini Goodrich & Rosati, where his practice focuses on privacy and cybersecurity. Nikolaos regularly counsels on matters of EU data protection law, GDPR compliance, cybersecurity preparedness, advertising, and marketing and offers a full cycle of services that includes both non-contentious matters and investigations with supervisory authorities.
In addition, Nikolaos is an associate professor of law at the University of Oxford and a fellow at Stanford Law School, focusing on technology and intellectual property issues. Previously, Nikolaos taught and conducted research at the University of Cambridge, Harvard Law School, and Columbia Law School. He also gained professional experience at the U.S. Committee on Capital Markets Regulation, the Kluge Center at the U.S. Library of Congress, and the UK Ministry of Justice.

Eduardo Ustaran

Hogan Lovells (UK)

Eduardo is a partner in the global Privacy and Information Management practice of Hogan Lovells and an internationally recognised expert in privacy and data protection law. He is a dually qualified English Solicitor and Spanish Abogado based in London.
Eduardo is also the author of The Future of Privacy (DataGuidance, 2013), a ground breaking book where he anticipates the key elements that organisations and privacy professionals will need to tackle to comply with the regulatory framework of the future.
Eduardo advises some of the world's leading companies on the adoption of global privacy strategies and is closely involved in the development of the new EU data protection framework.

Ciara Staunton

Middlesex University London (UK)

Dr Ciara Staunton is a Senior Lecturer in Law at Middlesex University (London) and a Senior Researcher at the Institute for Biomedicine, Eurac Research (Italy). In addition she is an Honorary Research Associate at the Faculty of Health Sciences, University of Cape Town and a Consultant to the South African National Health Laboratory Service. Her research focuses on the governance of new and emerging technologies, in particular stem cell research, genomic research and biobanking. Ciara’s current research focuses on the sharing of health data for research.

Leonardo Cervera Navas


Leonardo Cervera Navas is the Director of the Office of the EDPS, the Data Protection Authority of the EU. Law graduate of the University of Málaga. Master’s degree in European Law from the University of Granada. Fellow at Duke University in North Carolina as part of the EU Fellowship Programme of the European Commission. Post-graduate diploma in HR management by Kingston University. Member of the Málaga Academy of Sciences (correspondent in Brussels).
Working in Data Protection in the EU institutions since 1999, in the European Commission and in 2010 he joined the EDPS as Head of HR, Budget and Administration. In 2018 he was appointed Director responsible for coordination and implementation of the strategies and policies of the institution.