Standard Contractual Clauses (SCCs) are a set of provisions used to ensure legal compliance and data protection in the transfer of personal data from European Union (EU) member states to countries outside of the EU. As businesses increasingly rely on cross-border data transfers, SCCs have become an essential tool to ensure data protection compliance.
In July 2020, the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield, a framework designed to facilitate data transfers between the EU and the United States. This ruling sent shockwaves through the business world, leaving many organizations scrambling to find a new framework to support their data transfers.
In response to this ruling, the European Data Protection Board (EDPB) released guidance on the use of SCCs. The guidance stressed that businesses must assess the data protection laws and practices of the destination country before transferring personal data.
To further support these efforts, the European Commission (EC) published a new set of SCCs in June 2021. The new SCCs are designed to reflect changes in EU data protection law, including the General Data Protection Regulation (GDPR) and the CJEU`s ruling.
The new SCCs provide a single contractual framework for companies to use when transferring personal data outside of the EU. They include mandatory provisions outlining the parties` obligations and responsibilities, including provisions requiring data controllers to conduct due diligence on the data importer.
The SCCs also require data controllers to notify data subjects of their data transfer and provide them with a copy of the SCCs. This requirement ensures that data subjects are informed of the transfer and understand their rights.
When using the new SCCs, businesses must conduct a risk assessment to ensure that the data transfer complies with the GDPR. Companies must also ensure that the SCCs are tailored to their specific needs and reflect the nature of the data being transferred.
In conclusion, the new SCCs represent an important step forward in data protection compliance. They provide businesses with a standardized framework to ensure that data transfers outside of the EU comply with EU data protection laws. While the new SCCs are not a silver bullet, they provide helpful guidance for managing risk and ensuring that data protection compliance is a top priority in cross-border data transfers.