Article
The New EU Standard Contractual Clauses: what are the discoveries?
June 04, 2021
After a period of public consultation and a joint opinion rendered by the EDPB and the EDPS, MyData-Trust is very happy to finally be able to discover the new Standard Contractual Clauses (SCCs). On June 4, the European Commission published the new SCCs. These clauses are “revised data transfer tools with stronger legal and privacy safeguards to enable companies to transfer Europeans’ data securely around the world.”[1]
The goal was to avoid a potential “Schrems III”.
SCCs
The SCCs came into question after the EU Court of Justice asked privacy bodies to suspend and ban transfers made through SCCs outside the EU if data protection in other countries could not be guaranteed.
The European Commission issued modernised SCCs under the GDPR for data transfers from controllers or processors in the EU/EEA to controllers or processors established outside the EU/EEA. These modernised SCCs will replace the three sets of SCCs that were adopted under the previous Data Protection Directive 95/46.
The new SCCs are modular in nature to allow companies to address more than one type of transfer using the same framework and also add and remove parties in the future. In addition, new transfers “options” have been included, which will make it possible to cover some common types of data transfers for which there was no officially, compliant option in the past, such as exports by EU processors.
What should you now?
At which point the 18-month clock for transitioning to the new SCCs will begin to tick? As companies have learned in the run-up to GDPR, a year can go by very quickly. Nevertheless, the message from EU regulators is that they expect companies to make this transition and also continue to take steps to meet the requirements set forth by Schrems II as soon as possible, regardless of the effort involved.
Where to find the documents
We can help you
Our team is available to help you to identify what needs to be implemented and set the priorities.
If you have any questions regarding the SCCs, the scope, the Data Protection Officer or Representative, the Competent Supervisory Authority or about Data Transfers, please contact us. MyData-Trust team will put all their efforts to support and sustain your activities involving personal data.
