New SCCs for the transfers of personal data to Controllers and Processors that are subject to the GDPR
MyData-TRUST - Data Protection & Privacy for Life Sciences
When Data Protection meets Life Sciences
The European Commission has announced the drafting of a new set of Standard Contractual Clauses (SCCs). To understand the implications of this news, let's look at the context:
?? In 2021, the Commission adopted the SCCs for the transfer of personal data to countries not covered by an adequacy decision.
?? These published SCCs consist of four modules for transfers between: 1) controllers to controllers; 2) controllers to processors; 3) processors to processors (or sub-processors); and 4) processors to controllers.
?? The Commission stated that these SCCs could not be used for controllers and processors carrying out operations to which the GDPR already applies and introduced the need for a specific set of SCCs to cover this situation.
领英推荐
?? Now, three years later, the Commission announces the opening of a public consultation on the draft of the missing set of SCCs. So far, the draft has not been published, but the public consultation will be published in the following months during 2024, and the adoption of the final text is expected in 2025. You can consult the availability of the public consultation here:
This announcement was followed by more than a few concerns and doubts, such as what will happen to the SCCs approved in 2021 that were used to cover transfers to importers subject to GDPR? Can a controller or processor be fined for not using the SCCs approved in 2021, when the Commission has stated that they are not applicable if the importer is subject to GDPR? Will the Commission and the European Data Protection Board align their expectations for their use?
International data transfers are a specific area of data protection compliance that is not always easy to navigate, at MyData-TRUST we count with experts in the field to keep track of developments, contact us for assistance: [email protected]
US Director | Data Protection Officer @ MyData-TRUST | Licensed Attorney, CIPM, CIPP/E, CIPP/US
6 个月Glad to see this gap is finally being addressed!