New EU-Approved GDPR Standard Contract Clauses: Mandatory Assessments, Affirmative Obligations of Data Importers

Recording of a 90-minute CLE video webinar with Q&A


Conducted on Tuesday, September 14, 2021

Recorded event now available

or call 1-800-926-7926
Course Materials

The CLE course will guide counsel on the new Standard Contractual Clauses (SCCs) released by the European Union on June 4, 2021. The new SCCs address the compliance requirements for cross-border data transfers under the EU's General Data Protection Regulation (GDPR). The panel will address what the EU has instituted and how the new SCCs resolve certain practical issues companies faced when using the older versions but simultaneously introduce new obligations for businesses that transfer personal data out of the EU. The panel will also discuss the released set of SCCs to address GDPR Article 28 requirements for controller-to-processor personal data transfers within the European Economic Area (EEA).

Description

SCCs are template data transfer agreements that allow data exporters to transfer data to countries outside the EEA that the European Commission identifies as providing an "inadequate" level of data protection (including Australia, Brazil, China, India, and the U.S.). (Organizations subject to the GDPR cannot make such data transfers unless they use SCC or an alternate data transfer mechanism approved under the GDPR.) The old SCCs (approved by the Commission over a decade ago) are perhaps the most popular data transfer mechanism under EU data protection law. The new SCCs, which replace the old SCCs, reflect requirements under the GDPR and the Schrems II decision of the EU's highest court.

Counsel should be prepared to identify which European personal data flows (including those involving employees, customers, suppliers, and affiliates) will be impacted, whether SCCs are necessary under the GDPR, and whether and who must comply with the (rigorous) obligations under the new SCCs. Counsel must also assess whether under Schems II, the laws of the country the data is imported (particularly, U.S. law) are consistent with the SCCs and the GDPR and if any "supplementary measures" are necessary to boost data protection.

U.S. and non-EU-based businesses must comply with the provisions requiring appropriate "transfer diligence" on customers and suppliers in connection with any data transfers. Counsel should work with companies to identify relevant contracts with customers, suppliers, and affiliates.

Listen as our expert panel addresses this major update to the GDPR and what the new SCCs mean for continued business in the EU and beyond. The panel will discuss best practices in updating contract and policy provisions to comply with these standards.

READ MORE

Outline

  1. History
    1. Standard contractual clauses for DPAs
  2. The implementation of the new SCCs under Articles 46(1) and (2)(c) of the GDPR
  3. The implementation of the new standard contractual clauses for DPAs under Article 28(7) of the GDPR
  4. Timeline
    1. Old SCCs adopted under Directive 95/47/EC
    2. Old SCCs executed before Sept. 27, 2021
  5. Consequences

Benefits

The panel will review these and other key topics:

  • What are the obligations for data importers, including importers acting as controllers addressed in the new SCCs?
  • Which types of transfers that the existing SCCs don't expressly cover are covered under the new SCCs?
  • How do the new SCCs consolidate terms and allow controllers and processors to select the relevant clauses that apply on a modular basis? How do the new SCCs affect U.S.-based businesses and non-EU established data exporters to the extent the processing is subject to the GDPR under the extraterritorial reach of GDPR Article 3(2)?
  • What are the processor terms included in the new SCCs?
  • How are choice of governing law and jurisdiction affected by the new SCCs?
  • How do the new SCCs address the concerns raised by the CJEU in Schrems II?

Faculty

Blaney, Ryan
Ryan P. Blaney

Partner
Proskauer Rose

Mr. Blaney's practice focuses on representing clients in the healthcare and life sciences industries in a wide...  |  Read More

Gerlach, Natascha
Natascha Gerlach

Senior Attorney
Cleary Gottlieb Steen & Hamilton

Ms. Gerlach’s practice focuses on electronic discovery and European data protection law. She is managing the...  |  Read More

Kristensen, Gareth
Gareth Kristensen

Attorney
Cleary Gottlieb Steen & Hamilton

Mr. Kristensen’s practice focuses on intellectual property, technology, and commercial contracts matters,...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video

Download