Interested in training for your team? Click here to learn more

EU-Approved GDPR Standard Contract Clauses: Mandatory Assessments, Affirmative Obligations of Data Importers

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, December 6, 2022

Recorded event now available

or call 1-800-926-7926

The CLE course will guide counsel on the Standard Contractual Clauses (SCCs) released by the European Union in 2021. The SCCs address the compliance requirements for cross-border data transfers under the EU's General Data Protection Regulation (GDPR). The panel will address what the EU has instituted and how the SCCs resolve certain practical issues companies face when using the older versions but simultaneously introduce obligations for businesses that transfer personal data out of the EU. The panel will also discuss the released set of SCCs to address GDPR Article 28 requirements for controller-to-processor personal data transfers within the European Economic Area (EEA).


SCCs are template data transfer agreements that allow data exporters to transfer data to countries outside the European Economic Area (EEA) that the European Commission identifies as providing an "inadequate" level of data protection (including Australia, Brazil, China, India, and the U.S. The prior SCCs (approved by the Commission over a decade ago) are perhaps the most popular data transfer mechanism under EU data protection law. The new SCCs reflect requirements under the GDPR and the Schrems II decision of the EU's highest court.

Counsel should prepare to identify which European personal data flows (including those involving employees, customers, suppliers, and affiliates) will be impacted, whether SCCs are necessary under the GDPR, and whether and who must comply with the (rigorous) obligations under the SCCs. Counsel must also assess whether, under Schrems II, the laws of the country where the data is imported (mainly U.S. law) are consistent with the SCCs and the EU law in general (including the Charter of Fundamental Rights of the EU and the GDPR) and if any "supplementary measures" are necessary to boost data protection.

U.S. and non-EU-based businesses must comply with the provisions requiring appropriate "transfer diligence" on customers and suppliers concerning data transfers. Counsel should work with companies to identify relevant contracts with customers, suppliers, and affiliates.

Listen as our expert panel addresses what the new SCCs mean for continued business in the EU and beyond. The panel will discuss best practices in updating contracts and policy provisions to comply with these standards.



  1. History
    1. Standard contractual clauses for DPAs
  2. The implementation of the new SCCs under Articles 46(1) and (2)(c) of the GDPR
  3. The implementation of the new standard contractual clauses for DPAs under Article 28(7) of the GDPR
  4. Timeline
    1. Old SCCs adopted under Directive 95/47/EC
    2. Old SCCs executed before Sept. 27, 2021
  5. Consequences


The panel will review these and other key topics:

  • What are the obligations for data importers, including importers acting as controllers, addressed in the new SCCs?
  • How do the new SCCs consolidate terms and allow controllers and processors to select the relevant clauses that apply on a modular basis?
  • How do the SCCs affect U.S.-based businesses and non-EU established data exporters to the extent the processing is subject to the GDPR under the extraterritorial reach of GDPR Article 3(2)?
  • What are the processor terms included in the new SCCs?
  • How are choice of governing law and jurisdiction affected by the SCCs?
  • How do the SCCs address the concerns raised by the CJEU in Schrems II?


Kristensen, Gareth
Gareth Kristensen

Cleary Gottlieb Steen & Hamilton

Mr. Kristensen’s practice focuses on intellectual property, technology, and commercial contracts matters,...  |  Read More

Hakki Can Yildiz

Cleary Gottlieb Steen & Hamilton

Mr. Yildiz focuses his practice on data protection, cyber security, digital markets regulatory, and technology...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video