Published on June 30, 2022
Advisori can assist your company in updating its existing Standard Contractual Clauses ("SCCs"). It's difficult to find the right resources for the job, from experienced privacy attorneys to contract managers. As a result, we have assembled a specialized team to assist our clients with meeting their compliance deadlines.
The transfer of personal data gathered in the European Economic Area (“EEA”) and the United Kingdom (“UK”) is strictly regulated by the General Data Protection Regulation (the “GDPR”). For instance, personal data can freely flow from the EEA to just 13 countries – countries that the European Commission (the “EC”) has deemed as having “adequate” data protection services laws and practices. Thus, companies collecting personal data in the EEA wanting to transfer this data to “inadequate” countries must apply “appropriate safeguards” to the data.
The most used safeguard is standard contractual clauses or commonly referred to as “SCCs.” SCCs are standardized and pre-approved contractual language, developed by the European Commission (“EC”), to ensure that all data transferred to any “inadequate” country has essentially the same level of protection as that provided by European Union law. Despite all the attention on the newly published SCCs, they are not actually new. The EC approved the prior version under the old Directive 95/46/EC ("Old SCCs"). For the reasons discussed previously, the EC published two new sets of SCCs on June 4, 2021. The “First Set” replaces the Old SCCs and should be used for international transfers of personal data. The “Second Set” (which is actually new) governs the transfer of personal data between controllers and processors – even those operating solely within the EU (for simplicity, the First and Seconds Set of SCCs will be collectively referred to as the “New SCCs”).
The New SCCs are the result of significant changes in EU law. While the Old SCCs addressed only controller to controller transfers in one set of clauses and controller to processor transfers in another set, the New SCCs are purportedly designed to be more versatile and easier to use. While they remain a combination of non-negotiable, standard clauses, they are in a modular format for transfers from (i) controller to the controller; (ii) controller to the processor; (iii) processor to processor; and (iv) processor to the controller.
Critically, businesses have until December 27, 2022, to replace all Old SCCs with the New SCCs. This will be a monumental task for some businesses. Advisori can help. We have the privacy practices lawyers, contract managers, and analysts necessary to handle any SCC update project.
We do the following to ensure that our clients meet their regulatory guidelines.