The Standard Contractual Clauses (SCCs) have been a hot topic in the tech world lately, as they have been updated to reflect the current state of data transfers. The SCCs have been in use since 2001 as a means to transfer personal data outside the European Union (EU) and European Economic Area (EEA).
The new draft for the SCCs was released in November 2020 and has been subject to public consultation. The new SCCs take into account the General Data Protection Regulation (GDPR) and the Schrems II ruling, which invalidated the previous SCCs. The Schrems II ruling stated that the previous SCCs did not adequately protect the personal data of EU citizens when transferred to third countries.
The new draft SCCs are designed to provide more comprehensive protection for personal data transferred to third countries. The clauses include provisions for data processing and security measures, as well as the rights of data subjects. The new SCCs also have specific provisions for processors and sub-processors, which were not covered in the previous SCCs.
One of the biggest changes in the new draft SCCs is the requirement for parties to conduct a risk assessment before transferring personal data to a third country. The risk assessment must take into account the laws, regulations, and practices of the third country, as well as any additional safeguards that may be required.
Another significant change is the requirement for parties to notify each other and the relevant supervisory authority if they are unable to comply with the SCCs. This is intended to ensure transparency and accountability in the data transfer process.
The new SCCs have also been designed to be more flexible and adaptable to different situations. They can be used for both controller-to-controller transfers and controller-to-processor transfers, as well as transfers between multiple parties.
Overall, the new draft SCCs are a significant improvement on the previous SCCs and are designed to provide greater protection for personal data transferred to third countries. As an SEO copy editor, it is important to be aware of these changes and incorporate them into any content related to data transfers and data protection. By doing so, you can help your clients stay up-to-date and compliant with the latest regulations.