SlideShare a Scribd company logo

A Brief Introduction to Standard Contractual Clauses (2021).pptx

Download as PPTX, PDF
B
BrianMiller591083

A brief guide to the Replacement Standard Contractual Clauses issued by the European Commission in 2021. What are SCCs? Under GDPR, transfers of personal data to third countries are prohibited. However where appropriate safeguards are in place to protect the data, these transfers are allowed. Third countries are countries that are not in the EEA, and that do not have an ‘adequacy decision’ in their favour from the European Commission. An adequacy decision is only made to countries whose data protection laws protect personal data in an equivalent manner to the GDPR. Note that the UK received its adequacy decision from the EC in June 2021, so that countries in the EU can now safely transfer data to us without it having to have SCCs in place with us. The SCCs are the most common method of safeguarding when it comes to transfers to third countries. SCCs are a standard set of terms that are provided by the European Commission to use for such transfers. Apart from where minor tweaks are needed, you must not make any changes to the SCCs, unless it is to add protections or more clauses on business related issues. You can add parties (i.e. additional data importers or exporters) provided they are also bound by the SCCs.

Law
1 of 17
Replacement Standard Contractual Clauses Brian Miller Consultant
Replacement Standard Contractual Clauses BRIEF INTRODUCTION TO SCCs • GDPR restricts the transfer of personal data to ‘third countries’, save where appropriate “safeguards” in place. • Standard Contractual Clauses (“SCCs”) are one safeguard – a standard set of contractual terms put together by the European Commission. • Can be used to transfer data to a ‘third country’, being a country that does not have an “adequacy decision” by the European Commission.
Replacement Standard Contractual Clauses NEW “REPLACEMENT” SCCs • European Commission published Implementing Decision adopting new Standard Contractual Clauses (“New SCCs”) on 4th June 2021 • Clauses can be used from 27th June 2021 (the “effective date”)
Replacement Standard Contractual Clauses NEW SCCs • New SCCs address 3 key points: – Allow parties to meet international data transfer obligations under the General Data Protection Regulation (“GDPR”) – Consistent with Schrems II judgement – Address known deficiencies in current standard contractual clauses
Replacement Standard Contractual Clauses NEW SCCs • Old SCCs were only: – Controller to processor – Processor to controller New ones cover:  From a controller to another controller (C2C)  From a controller to a processor (C2P)  From a processor to a processor (P2P)  From a processor to its appointing controller (P2C) – Consistent with Schrems II judgement – Address known deficiencies in current standard contractual clauses
Replacement Standard Contractual Clauses TRANSITION PERIOD • What does this mean in practice? – Organisations can start using the new SCCs immediately – Data exporters and importers can still use the old SCCs for two more months, to 27 September 2021. – After 27th September 2021, no new contracts can be signed using the old SCCs – Data exporters and importers have 18 months from 27 June 2021 (until 27.12.22) to replace contracts using the old SCCs with contracts using the new
Replacement Standard Contractual Clauses WHEN ARE NEW SCCS USED? – When the data exporter is subject to GDPR and not in EU  e.g. processing data of EU citizens from Panama OR – When the data importer is not subject to GDPR  e.g. French exporter sending data to Panama
Replacement Standard Contractual Clauses STRUCTURE OF NEW CLAUSES • New SCCs cover transfers from: – Controller to another controller (C2C) – Controller to a processor (C2P) – Processor to a processor (P2P) – Processor to its appointing controller (P2C) • Docking clauses
Replacement Standard Contractual Clauses STRUCTURE OF NEW CLAUSES • “Docking Clause”: – allows new parties to accede to new clauses in case of changes over time – Useful for intra-group data transfers (e.g. if new subsidiary is set up that needs to ‘sign up’ to the intra- group arrangements with an overseas parent company).
Replacement Standard Contractual Clauses STRUCTURE OF NEW CLAUSES New SCCs are drafted to take into account the decision in Schrems II: • restate clauses from old SCCs that were considered positively by the ECJ, e.g.: obligations on • data exporter to consider “level of protection of personal data in third country” (EDPB Report, Annexe 3) • data importer to notify exporter of its inability to comply with SCCs (if that be the case), and • exporter to suspend data transfers or terminate agreement as a result SCCs incorporate clauses to bring them in line with the Schrems judgement such as the new requirement for data transfer impact assessments (DTIAs)
Replacement Standard Contractual Clauses DATA TRANSFER IMPACT ASSESSMENT • Transfer impact assessment is a risk assessment. The new SCCs set out the factors that data exporters need to consider in a transfer impact assessment: • Facts of transfer • Local laws of the importer • Relevant technical, contractual or organisational safeguards which may be needed
Replacement Standard Contractual Clauses DATA TRANSFER IMPACT ASSESSMENT Once risk assessment undertaken, EXPORTER must: – Keep record of the risk assessment – provide copy to authority if requested – take appropriate action (e.g. suspend or terminate processing) if DTIA evidences non-compliance – maintain measures that allow the parties quickly to suspend/terminate their agreement if either unable to comply at any point
Replacement Standard Contractual Clauses DATA TRANSFER IMPACT ASSESSMENT • Further obligations on data importers in respect of public authorities. The data importer must: – notify the data exporter when local laws change – notify data exporter and data subjects that importer has received a request by a public authority to access personal data – assess the legality of such order/request and challenge the order if considered illegal – (where possible) seek interim measures to suspend disclosure – Disclose the minimum amount of personal data reasonably possible – Document requests and steps taken in response – supply information and a transparency report to data exporter
Replacement Standard Contractual Clauses UK COMPATABILITY • Future Transfers – New SCCs do not presently cover transfers of personal data from UK – Old SCCs can still be used for restricted transfers from UK until the ICO has come up with something suitable ICO has created UK versions of old SCCs:  Controller to controller  Controller to processor – UK would need to approve the new SCCs for them to be valid in the UK.
Replacement Standard Contractual Clauses UK COMPATABILITY • Existing Transfers – Old SCCs can still be used for restricted transfers from UK, and can be used after transition period (27.9.21) – After Schrems II, need to assess if there is ‘essentially equivalent’ protection in place in importer’s country If old SCCs do not provide sufficient protection, take additional measures – European Commission now approved the UK as having adequacy => no SCCs required for transferring data to UK
Replacement Standard Contractual Clauses FUTURE OF SCCS • ICO intends to consult on and publish UK specific SCCs during 2021. • ICO and Secretary of State to monitor SCC transitional arrangements. • Old SCCs may cease at some point to be valid for new and/or existing restricted transfers from the UK.
Replacement Standard Contractual Clauses Thank you for listening! ICO’s UK versions of old SCCs:  Controller to controller  Controller to processor EDPB’s Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data: here Waterfront’s Data Transfer Impact Assessment template: here DTIA Advice Note: here

Recommended

EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
TrustArc
 
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
NETWAYS
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
Craig Clark ITIL, CIS LI,EU GDPR P
 
Financial services club, 17 january 2018
Financial services club, 17 january 2018Financial services club, 17 january 2018
Financial services club, 17 january 2018
Chris Skinner
 
Eversheds Safe Harbor Developments Webinar
Eversheds Safe Harbor Developments WebinarEversheds Safe Harbor Developments Webinar
Eversheds Safe Harbor Developments Webinar
Eversheds Sutherland
 
The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?
TAG Alliances
 
Boot Camp PSD II – Third Party Access To Accounts
Boot Camp PSD II – Third Party Access To Accounts Boot Camp PSD II – Third Party Access To Accounts
Boot Camp PSD II – Third Party Access To Accounts
Osborne Clarke
 

Recommended

EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
TrustArc
 
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...
NETWAYS
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
Craig Clark ITIL, CIS LI,EU GDPR P
 
Financial services club, 17 january 2018
Financial services club, 17 january 2018Financial services club, 17 january 2018
Financial services club, 17 january 2018
Chris Skinner
 
Eversheds Safe Harbor Developments Webinar
Eversheds Safe Harbor Developments WebinarEversheds Safe Harbor Developments Webinar
Eversheds Safe Harbor Developments Webinar
Eversheds Sutherland
 
The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?
TAG Alliances
 
Boot Camp PSD II – Third Party Access To Accounts
Boot Camp PSD II – Third Party Access To Accounts Boot Camp PSD II – Third Party Access To Accounts
Boot Camp PSD II – Third Party Access To Accounts
Osborne Clarke
 
Planning and development club - May 2017, Nottingham
Planning and development club - May 2017, NottinghamPlanning and development club - May 2017, Nottingham
Planning and development club - May 2017, Nottingham
Browne Jacobson LLP
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
IT Governance Ltd
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
IBM Security
 
NEC4 overview: key changes and impacts - London, September 2017
NEC4 overview: key changes and impacts - London, September 2017NEC4 overview: key changes and impacts - London, September 2017
NEC4 overview: key changes and impacts - London, September 2017
Browne Jacobson LLP
 
Brexit webinar-2.12.2020
Brexit webinar-2.12.2020Brexit webinar-2.12.2020
Brexit webinar-2.12.2020
PwC Polska
 
Harmonised rules and network codes: The division of competences between Europ...
Harmonised rules and network codes: The division of competences between Europ...Harmonised rules and network codes: The division of competences between Europ...
Harmonised rules and network codes: The division of competences between Europ...
Florence Shool of Regulation
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Brian Miller, Solicitor
 
The impact of Public Contracts Regulations 2015 on public procurement exercis...
The impact of Public Contracts Regulations 2015 on public procurement exercis...The impact of Public Contracts Regulations 2015 on public procurement exercis...
The impact of Public Contracts Regulations 2015 on public procurement exercis...
Browne Jacobson LLP
 
NEC4 overview: key changes and impacts - Nottingham, September 2017
NEC4 overview: key changes and impacts - Nottingham, September 2017NEC4 overview: key changes and impacts - Nottingham, September 2017
NEC4 overview: key changes and impacts - Nottingham, September 2017
Browne Jacobson LLP
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
iCrossing
 
NEC4 overview: key changes and impacts - Birmingham, September 2017
NEC4 overview: key changes and impacts - Birmingham, September 2017NEC4 overview: key changes and impacts - Birmingham, September 2017
NEC4 overview: key changes and impacts - Birmingham, September 2017
Browne Jacobson LLP
 
20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreements20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreements
Brussels Legal Hackers
 
Controller-to-processor agreements
Controller-to-processor agreementsController-to-processor agreements
Controller-to-processor agreements
Tommy Vandepitte
 
Let's talk doing business in Europe - 2. Contracts & Legal Issues
Let's talk doing business in Europe - 2. Contracts & Legal IssuesLet's talk doing business in Europe - 2. Contracts & Legal Issues
Let's talk doing business in Europe - 2. Contracts & Legal Issues
Vivien Badaut
 
Exchange/Regulator interactions on commodity contracts (product approval, rep...
Exchange/Regulator interactions on commodity contracts (product approval, rep...Exchange/Regulator interactions on commodity contracts (product approval, rep...
Exchange/Regulator interactions on commodity contracts (product approval, rep...
Національна комісія з цінних паперів та фондового ринку
 
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
Legal aspects of the new EU Medical Devices Regulation - known and unknownsLegal aspects of the new EU Medical Devices Regulation - known and unknowns
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
Erik Vollebregt
 
BEPS Webcast #4 - Presentation of 2014 Deliverables
BEPS Webcast #4 - Presentation of 2014 DeliverablesBEPS Webcast #4 - Presentation of 2014 Deliverables
BEPS Webcast #4 - Presentation of 2014 Deliverables
OECDtax
 
Are You Ready for the New Tangible Property Rules?
Are You Ready for the New Tangible Property Rules?Are You Ready for the New Tangible Property Rules?
Are You Ready for the New Tangible Property Rules?
CBIZ, Inc.
 
Polish CIT in 2019 - CIT and TP revolution marches on
Polish CIT in 2019 - CIT and TP revolution marches onPolish CIT in 2019 - CIT and TP revolution marches on
Polish CIT in 2019 - CIT and TP revolution marches on
PwC Polska
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand
TrustArc
 
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
mefyqyn
 
Asif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[k
Asif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[kAsif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[k
Asif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[k
bhavenpr
 

More Related Content

Similar to A Brief Introduction to Standard Contractual Clauses (2021).pptx

Similar to A Brief Introduction to Standard Contractual Clauses (2021).pptx (20)

Planning and development club - May 2017, Nottingham
Planning and development club - May 2017, NottinghamPlanning and development club - May 2017, Nottingham
Planning and development club - May 2017, Nottingham
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
 
NEC4 overview: key changes and impacts - London, September 2017
NEC4 overview: key changes and impacts - London, September 2017NEC4 overview: key changes and impacts - London, September 2017
NEC4 overview: key changes and impacts - London, September 2017
 
Brexit webinar-2.12.2020
Brexit webinar-2.12.2020Brexit webinar-2.12.2020
Brexit webinar-2.12.2020
 
Harmonised rules and network codes: The division of competences between Europ...
Harmonised rules and network codes: The division of competences between Europ...Harmonised rules and network codes: The division of competences between Europ...
Harmonised rules and network codes: The division of competences between Europ...
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
 
The impact of Public Contracts Regulations 2015 on public procurement exercis...
The impact of Public Contracts Regulations 2015 on public procurement exercis...The impact of Public Contracts Regulations 2015 on public procurement exercis...
The impact of Public Contracts Regulations 2015 on public procurement exercis...
 
NEC4 overview: key changes and impacts - Nottingham, September 2017
NEC4 overview: key changes and impacts - Nottingham, September 2017NEC4 overview: key changes and impacts - Nottingham, September 2017
NEC4 overview: key changes and impacts - Nottingham, September 2017
 
Your Big Data Opportunity
Your Big Data OpportunityYour Big Data Opportunity
Your Big Data Opportunity
 
NEC4 overview: key changes and impacts - Birmingham, September 2017
NEC4 overview: key changes and impacts - Birmingham, September 2017NEC4 overview: key changes and impacts - Birmingham, September 2017
NEC4 overview: key changes and impacts - Birmingham, September 2017
 
20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreements20180619 Controller-to-Processor agreements
20180619 Controller-to-Processor agreements
 
Controller-to-processor agreements
Controller-to-processor agreementsController-to-processor agreements
Controller-to-processor agreements
 
Let's talk doing business in Europe - 2. Contracts & Legal Issues
Let's talk doing business in Europe - 2. Contracts & Legal IssuesLet's talk doing business in Europe - 2. Contracts & Legal Issues
Let's talk doing business in Europe - 2. Contracts & Legal Issues
 
Exchange/Regulator interactions on commodity contracts (product approval, rep...
Exchange/Regulator interactions on commodity contracts (product approval, rep...Exchange/Regulator interactions on commodity contracts (product approval, rep...
Exchange/Regulator interactions on commodity contracts (product approval, rep...
 
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
Legal aspects of the new EU Medical Devices Regulation - known and unknownsLegal aspects of the new EU Medical Devices Regulation - known and unknowns
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
 
BEPS Webcast #4 - Presentation of 2014 Deliverables
BEPS Webcast #4 - Presentation of 2014 DeliverablesBEPS Webcast #4 - Presentation of 2014 Deliverables
BEPS Webcast #4 - Presentation of 2014 Deliverables
 
Are You Ready for the New Tangible Property Rules?
Are You Ready for the New Tangible Property Rules?Are You Ready for the New Tangible Property Rules?
Are You Ready for the New Tangible Property Rules?
 
Polish CIT in 2019 - CIT and TP revolution marches on
Polish CIT in 2019 - CIT and TP revolution marches onPolish CIT in 2019 - CIT and TP revolution marches on
Polish CIT in 2019 - CIT and TP revolution marches on
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand
 

Recently uploaded

一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
mefyqyn
 
一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样
一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样
一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样
mefyqyn
 
一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样
一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样
一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样
mefyqyn
 
一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样
一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样
一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样
doypbe
 
Essential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard ProgramEssential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard Program
Colington Consulting
 
一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样
一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样
一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样
doypbe
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
mefyqyn
 
一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样
一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样
一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样
doypbe
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
ZurliaSoop
 
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
acyefsa
 

Recently uploaded (20)

一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
一比一原版(ASU毕业证书)亚利桑那州立大学毕业证成绩单原件一模一样
 
Asif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[k
Asif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[kAsif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[k
Asif_Sultan_Syeda_vs_UT_of_J_K.pdf op[ke[k
 
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdklEmbed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
Embed-3-2.pdfkp[k[odk[odk[d[ok[d[pkdkdkl
 
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
Skill Development in Law, Para Legal & other Fields and Export of Trained Man...
 
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekpEmbed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
Embed-4-2.pdf vk[di-[sd[0edKP[p-[kedkpodekp
 
一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样
一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样
一比一原版(Indiana State毕业证书)印第安纳州立大学毕业证成绩单原件一模一样
 
Common Legal Risks in Hiring and Firing Practices.pdf
Common Legal Risks in Hiring and Firing Practices.pdfCommon Legal Risks in Hiring and Firing Practices.pdf
Common Legal Risks in Hiring and Firing Practices.pdf
 
Petitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docxPetitioner Moot Memorial including Charges and Argument Advanced.docx
Petitioner Moot Memorial including Charges and Argument Advanced.docx
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
MERGERS & ACQUISITION - PPT.ppt PRESENTATION
MERGERS & ACQUISITION - PPT.ppt PRESENTATIONMERGERS & ACQUISITION - PPT.ppt PRESENTATION
MERGERS & ACQUISITION - PPT.ppt PRESENTATION
 
一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样
一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样
一比一原版(MSU毕业证书)密苏里州立大学毕业证成绩单原件一模一样
 
一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样
一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样
一比一原版(UC Davis毕业证书)加州大学戴维斯分校毕业证原件一模一样
 
Embed-2-2.pdf[[app[r[prf[-rk;lme;[ed[prp[
Embed-2-2.pdf[[app[r[prf[-rk;lme;[ed[prp[Embed-2-2.pdf[[app[r[prf[-rk;lme;[ed[prp[
Embed-2-2.pdf[[app[r[prf[-rk;lme;[ed[prp[
 
2024 Managing Labor + Employee Relations Seminar
2024 Managing Labor + Employee Relations Seminar2024 Managing Labor + Employee Relations Seminar
2024 Managing Labor + Employee Relations Seminar
 
Essential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard ProgramEssential Components of an Effective HIPAA Safeguard Program
Essential Components of an Effective HIPAA Safeguard Program
 
一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样
一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样
一比一原版(Columbia毕业证书)哥伦比亚大学毕业证原件一模一样
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
 
一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样
一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样
一比一原版(UC Berkeley毕业证书)加利福尼亚大学伯克利分校毕业证原件一模一样
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
 

A Brief Introduction to Standard Contractual Clauses (2021).pptx

  • 2. Replacement Standard Contractual Clauses BRIEF INTRODUCTION TO SCCs • GDPR restricts the transfer of personal data to ‘third countries’, save where appropriate “safeguards” in place. • Standard Contractual Clauses (“SCCs”) are one safeguard – a standard set of contractual terms put together by the European Commission. • Can be used to transfer data to a ‘third country’, being a country that does not have an “adequacy decision” by the European Commission.
  • 3. Replacement Standard Contractual Clauses NEW “REPLACEMENT” SCCs • European Commission published Implementing Decision adopting new Standard Contractual Clauses (“New SCCs”) on 4th June 2021 • Clauses can be used from 27th June 2021 (the “effective date”)
  • 4. Replacement Standard Contractual Clauses NEW SCCs • New SCCs address 3 key points: – Allow parties to meet international data transfer obligations under the General Data Protection Regulation (“GDPR”) – Consistent with Schrems II judgement – Address known deficiencies in current standard contractual clauses
  • 5. Replacement Standard Contractual Clauses NEW SCCs • Old SCCs were only: – Controller to processor – Processor to controller New ones cover:  From a controller to another controller (C2C)  From a controller to a processor (C2P)  From a processor to a processor (P2P)  From a processor to its appointing controller (P2C) – Consistent with Schrems II judgement – Address known deficiencies in current standard contractual clauses
  • 6. Replacement Standard Contractual Clauses TRANSITION PERIOD • What does this mean in practice? – Organisations can start using the new SCCs immediately – Data exporters and importers can still use the old SCCs for two more months, to 27 September 2021. – After 27th September 2021, no new contracts can be signed using the old SCCs – Data exporters and importers have 18 months from 27 June 2021 (until 27.12.22) to replace contracts using the old SCCs with contracts using the new
  • 7. Replacement Standard Contractual Clauses WHEN ARE NEW SCCS USED? – When the data exporter is subject to GDPR and not in EU  e.g. processing data of EU citizens from Panama OR – When the data importer is not subject to GDPR  e.g. French exporter sending data to Panama
  • 8. Replacement Standard Contractual Clauses STRUCTURE OF NEW CLAUSES • New SCCs cover transfers from: – Controller to another controller (C2C) – Controller to a processor (C2P) – Processor to a processor (P2P) – Processor to its appointing controller (P2C) • Docking clauses
  • 9. Replacement Standard Contractual Clauses STRUCTURE OF NEW CLAUSES • “Docking Clause”: – allows new parties to accede to new clauses in case of changes over time – Useful for intra-group data transfers (e.g. if new subsidiary is set up that needs to ‘sign up’ to the intra- group arrangements with an overseas parent company).
  • 10. Replacement Standard Contractual Clauses STRUCTURE OF NEW CLAUSES New SCCs are drafted to take into account the decision in Schrems II: • restate clauses from old SCCs that were considered positively by the ECJ, e.g.: obligations on • data exporter to consider “level of protection of personal data in third country” (EDPB Report, Annexe 3) • data importer to notify exporter of its inability to comply with SCCs (if that be the case), and • exporter to suspend data transfers or terminate agreement as a result SCCs incorporate clauses to bring them in line with the Schrems judgement such as the new requirement for data transfer impact assessments (DTIAs)
  • 11. Replacement Standard Contractual Clauses DATA TRANSFER IMPACT ASSESSMENT • Transfer impact assessment is a risk assessment. The new SCCs set out the factors that data exporters need to consider in a transfer impact assessment: • Facts of transfer • Local laws of the importer • Relevant technical, contractual or organisational safeguards which may be needed
  • 12. Replacement Standard Contractual Clauses DATA TRANSFER IMPACT ASSESSMENT Once risk assessment undertaken, EXPORTER must: – Keep record of the risk assessment – provide copy to authority if requested – take appropriate action (e.g. suspend or terminate processing) if DTIA evidences non-compliance – maintain measures that allow the parties quickly to suspend/terminate their agreement if either unable to comply at any point
  • 13. Replacement Standard Contractual Clauses DATA TRANSFER IMPACT ASSESSMENT • Further obligations on data importers in respect of public authorities. The data importer must: – notify the data exporter when local laws change – notify data exporter and data subjects that importer has received a request by a public authority to access personal data – assess the legality of such order/request and challenge the order if considered illegal – (where possible) seek interim measures to suspend disclosure – Disclose the minimum amount of personal data reasonably possible – Document requests and steps taken in response – supply information and a transparency report to data exporter
  • 14. Replacement Standard Contractual Clauses UK COMPATABILITY • Future Transfers – New SCCs do not presently cover transfers of personal data from UK – Old SCCs can still be used for restricted transfers from UK until the ICO has come up with something suitable ICO has created UK versions of old SCCs:  Controller to controller  Controller to processor – UK would need to approve the new SCCs for them to be valid in the UK.
  • 15. Replacement Standard Contractual Clauses UK COMPATABILITY • Existing Transfers – Old SCCs can still be used for restricted transfers from UK, and can be used after transition period (27.9.21) – After Schrems II, need to assess if there is ‘essentially equivalent’ protection in place in importer’s country If old SCCs do not provide sufficient protection, take additional measures – European Commission now approved the UK as having adequacy => no SCCs required for transferring data to UK
  • 16. Replacement Standard Contractual Clauses FUTURE OF SCCS • ICO intends to consult on and publish UK specific SCCs during 2021. • ICO and Secretary of State to monitor SCC transitional arrangements. • Old SCCs may cease at some point to be valid for new and/or existing restricted transfers from the UK.
  • 17. Replacement Standard Contractual Clauses Thank you for listening! ICO’s UK versions of old SCCs:  Controller to controller  Controller to processor EDPB’s Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data: here Waterfront’s Data Transfer Impact Assessment template: here DTIA Advice Note: here