The General Data Protection Regulation (GDPR) is a law that governs the use and protection of personal data within the European Union (EU). It came into effect on May 25th, 2018, and has had a significant impact on businesses operating within the EU or processing personal data of EU citizens. As companies struggle to comply with the GDPR, the European Commission has introduced the Standard Contractual Clauses (SCCs) to help with data transfer outside the EU.
The SCCs are a set of contractual terms that can be used to ensure data protection during transfers of personal data from the EU to countries outside the EU, which are not considered to provide an adequate level of data protection.
The GDPR defines personal data as any information relating to an identified or identifiable natural person, including names, addresses, email addresses, and phone numbers. Under the GDPR, companies must ensure the lawful and fair processing of personal data and take appropriate measures to protect this data from unauthorized use, disclosure, and theft.
The SCCs are designed to provide companies with the necessary safeguards to ensure that personal data is protected during transfers to countries outside the EU. They help to ensure that companies comply with GDPR requirements when they transfer personal data to third-party companies outside the EU that don`t have adequate data protection measures in place.
The SCCs are contracts between a data exporter (the EU-based company) and a data importer (the third-party company outside the EU). The SCCs include specific data protection clauses that must be adhered to by both parties to ensure the protection of personal data.
The SCCs are not new but have been updated to better align with the GDPR requirements. The new SCCs cover a broader range of data processing scenarios, including transfer between two controllers, a controller to a processor, and a processor to a processor. They also include provisions for protections against government surveillance and additional requirements for data processors.
The European Commission has announced that the new SCCs will be adopted from June 27th, 2021, and companies have a year to implement them. After the transition period, the old SCCs will no longer be valid, and companies must have the new SCCs in place for any new data transfers.
In conclusion, the GDPR is an essential regulation governing the use of personal data within the EU. The Standard Contractual Clauses are a valuable tool for companies to ensure the protection of personal data during transfers to countries outside the EU. Companies must ensure compliance with GDPR requirements and implement the new SCCs to avoid penalties and fines.