Controllers and processors wishing to rely or continue to rely on the European Commission's standard contractual clauses ("SCCs") mechanism for transfers of personal data outside the European Union must adopt or, where applicable, replace existing clauses with the new SCCs before 27 December 2027.

The new modular SCCs for transfers were adopted on 4 June 2021 as more specifically detailed in our previous article GDPR compliance - New standard contractual clauses .

They provide the flexibility to cover various transfer scenarios within one single document, i.e. transfers from controller to controller, from controller to processor; from processor to processor and from processor to controller. Elvinger Hoss Prussen uses a specific tool to prepare efficiently any module or any combination of modules of standard contractual clauses.

Although the new SCCs reflect some requirements deriving from the GDPR as interpreted in the light of the famous "Schrems II" Case, they do not remove the consequences of the CJEU ruling and the need to assess the necessity to adopt supplemental measures as recommended by the European Data Protection Board.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.