Updated Standard Contractual Clauses

The Standard Contractual Clauses (SCCs) are one of the approved methods under the EU General Data Protection Regulation (GDPR) to transfer personal data from the EEA to outside the EEA. Given the Schrems II decision [add link to blog], it isn't surprising that the European Commission is looking to speed up revisions to the SCCs by the end of 2020 (see video link).

The currently approved SCCs are (see link)

2001 EU controller to non-EEA controller

2004 EU controller to non-EEA controller

2010 EU controller to non-EEA processor

Among the issues to be addressed in the new revisions are: (1) requirements introduced by the GDPR, such as the processor requirements under Article 28; (2) more transfer scenarios such as between an EU data processor and a non-EU data processor; and (3) allowing multiple parties to sign SCCs.