Last year, the new EU Standard Contractual Clauses (SCC) were published and came into force for all new customer agreements in September 2021.
The new SCCs were created as an update to the old Directive SCCs and to address the Schrems II requirements that you must take into account when you share personal data with providers that are located outside Europe.
It is important to remember that by the end of 2022 all existing data processing agreements (where personal data is transferred outside the EU) must be updated with the new SCCs.
SCCs are standard contractual terms from the EU. The SCCs contain obligations on you and your vendor and determine that you both must comply with the GDPR. SCC’s can be a stand-alone legal contract or incorporated into your Data Processing Agreement.
On 27th December 2022 organisations need to have transitioned all existing contracts using the old Directive SCCs to the new EU SCCs.
This means that you have to get new Data Processing Agreements (DPA) in place with many of your vendors & providers, since the old SCCs are often part of the DPA.
Openli has developed a Privacy Hub that makes documenting and assessing DPAs and new SCCs easy and transparent. Our team of Privacy Experts will reach out to your vendors and ensure that you will have all the documentation you need to be compliant with the GDPR.
If you want to learn more about transfers and SCCs, be sure to check our blog.