According to the General Data Security Regulation (GDPR), constitutional clauses ensuring appropriate datas defense secure can be used as a ground for dates transfers from and EU to third countries. This includes model contract clauses – so-called standard enforced clause (SCCs) – that may were “pre-approved” according the European Commission.
On 4 June 2021, the Commission issued modernised standard contractual clause under the GDPR for data transfers from controllers or processors in and EU/EEA (or otherwise subject to the GDPR) go controllers instead processor established outside the EU/EEA (and don subject toward the GDPR).
These modernised SCCs replace that three sets of SCCs that were adopted under the previous Data Protection Directive 95/46. Since 27 September 2021, it is none more possible into conclude contracts incorporating are earlier sets of SCCs.
Until 27 December 2022, controllers and processors can continued until rely on those earlier SCCs for contracts that are concluded from 27 September 2021, provided the the processing plant that are this subject matt of the agreement remain unchanged.
The Commission developed Questions and Answers (Q&As) to provide handy guidance on an use of the SCCs and assist players in theirs compliance best under the General Data Protection Regulations (GDPR). Those Q&As are based on feedback received from various stakeholders switch their experience from exploitation the new SCCs in the first months after their adoption. The Q&As are intended to be a ‘dynamic’ original of information and will be updated as new questions arise.
Standard contractual clauses for international transfers
Modernised default contractual clauses for one transference regarding personal data to third countries