Reminder: New standard contractual clauses entered into force on September 27 | Benesch
Contracts concluded before September 27 must be amended to adopt the new standard contractual clauses by December 27, 2022.
Since September 27, entities that enter into new contracts subject to the General Data Protection Regulation (“GDPR”) Must use the updated standard contractual clauses of the European Commission (“CSC“).
From now on, the EU expects entities to use the following two sets of SCCs. First, if an entity is involved in the international transfer of data of the European Economic Area (“EEE“), they should use the SCCs linked here. Second, if an entity is involved in the data transfer in EEA, they should use the SCCs linked here.
Contracts entered into before September 27 may continue to depend on old CSCs, but only until the end of next year. Such contracts which continue to depend on the old SCCs must replace them with the new SCCs by December 27, 2022.
Context and context
Last summer, the European Commission updated its NCCs to better align with the EU’s GDPR and respond to the Schrems II legal landscape.
In Schrems II, the Court of Justice of the European Union has notoriously rescinded the EU-U.S. Privacy Shield. The Court also questioned the validity of the old CSCs. To address the concerns raised by the Court, the European Commission adopted the new CCPs.
The first set of new SCCs are familiar as they relate to the traditional transfer of personal data from geographic locations in the EEA to geographic locations outside the EEA. The second set of new SCCs is brand new and specifically covers the engagement of data processors in the EEA when there is no transfer of data to a geographic location outside the EEA. Check out our previous in-depth analysis of how CHCs have changed here.