The European Commission has finally released the first updates to the standard contractual clauses (SCCs) required for certain cross-border transfers in more than 10 years. The new SCCs include versions for use between processors and controllers, as well as one for transfers to third countries. These new SCCs mark the first change in such clauses since 2010 and in view of the Court of Justice of the European Union's decision in Schrems II.
We will write more on this in the future, but the updated versions are intended to provide more flexibility for data processing for all parties to such a transfer and “will offer more legal predictability to European businesses and help, in particular, SMEs to ensure compliance with requirements for safe data transfers, while allowing data to move freely across borders, without legal barriers.” Regulated entities currently operating under the 2010 versions will have 18 months to update existing agreements with these SCCs.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.