Three years after the GDPR came into effect, the European Commission has issued the much-awaited final version of two new sets of Standard Contractual Clauses that are expected to enable data controllers and processors to address some of the thorny issues in the transfer of personal data of EU/EEA citizens. The Press Release of the EU Commission, dated June 4, 2021, is available here.
Five New Templates
As anticipated from prior drafts, the new Standard Contractual Clauses framework is comprised of two sets of documents that address two distinct settings. A total of five documents can be used depending on the circumstances:
One category provides one document, intended to address transfers between controllers and processors when both parties are in the EU/EEA (or otherwise subject to the GDPR) and must meet the GDPR Art. 28.
The other group addresses, in addition, the issues arising from crossborder data transfers where one of the entities is established outside the EU/EEA (and not subject to the GDPR). Four scenarios are addressed: Controller-to-controller transfers; Controller-to-processor transfers; Processor-to-processor transfers; and Processor-to-controller transfers.(more…)