Sovy
  • Products
    • Data Privacy Essentials℠
    • myConsentChoice CMP
    • Whistleblowing Portal
    • Outsourced DPO
    • EU/UK Representative Services
    • Compliance Spot Check
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Sovy Academy℠
    • Introduction to GDPR
    • Introduction to GDPR for Recruitment
    • GDPR for Managers
    • GDPR for DPOs
    • GDPR for IT Professionals
    • Introduction to Cybersecurity
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy Blog
  • Pricing
    • Data Privacy Essentials
    • myConsentChoice CMP
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us
  • Products
    • Data Privacy Essentials℠
    • myConsentChoice CMP
    • Whistleblowing Portal
    • Outsourced DPO
    • EU/UK Representative Services
    • Compliance Spot Check
    • All Products
    • Free GDPR Scan
    • Free GDPR Readiness Survey
  • Sovy Academy℠
    • Introduction to GDPR
    • Introduction to GDPR for Recruitment
    • GDPR for Managers
    • GDPR for DPOs
    • GDPR for IT Professionals
    • Introduction to Cybersecurity
  • Resources
    • Free GDPR Scan
    • Free GDPR Readiness Survey
    • Knowledge Portal
    • Data Privacy Blog
  • Pricing
    • Data Privacy Essentials
    • myConsentChoice CMP
  • About Sovy
    • Mission
    • Team
    • Investor Relations
    • Partnerships
    • Contact Us

Data Privacy Blog

June 3, 2022  |  By Camelia Nastasi

Questions and Answers on the new standard contractual clauses

new sccs

Schrems II decision

The CJEU's (Court of Justice of the European Union) "Schrems II" decision demonstrated that transfers of personal data to the US do not provide enough security safeguards. The result was the cancellation of the US-EU Privacy Shield.

This judgement stopped the transfer of data, particularly to US companies who collect it from EU citizens via European subsidiaries.

Confrontations between authorities and US firms began to emerge throughout Europe as a result of their non-compliance with the data protection laws.

Consequently, the Schrems II decision resulted in the suspension of data transfers to third countries. The authorities have begun to conduct checks to identify possible breaches of the Schrems II provisions. Checks such as e-mails, website hosting, web monitoring, and the way controllers manage applicants' data.

These checks are welcome because many of the organizations that collect significant amounts of personal data are subsidiaries of US parent companies.

By establishing the SCCs, the Commission, on the other hand, attempted to limit transfers to third countries.

On June 4, 2022, new SCCs (Standard Contractual Clauses) were adopted, and they went into effect on September 27, 2021

What are the new SCCs?

  1. SCCs for the relationship between controllers and processors within the EEA area. Both public and private companies, as well as EU institutions, can use it. They meet the GDPR's Article 28 and Article 29 criteria (The General Data Protection Regulation).
  2. SCCS for transferring personal data outside of EU. Data exporters can use these words without obtaining approval from a data protection authority. They comply with GDPR standards by providing appropriate safeguards for data transferred outside of the EEA.

On May 25, 2022, a new guidance in the form of a Q&A was released to provide practical assistance. The guidance is based on the feedback of several organisations about their initial experiences with the new SCCs.

Conclusions

The adoption of these new clauses appears to be a potential solution to the issues arised from the Schrems II judgement. They provide a higher level of protection for data subjects' personal information.

In other words, controllers who choose the European Commission's clauses will comply with the Regulation 679/2016's requirements.

These clauses basically lay out the modalities, conditions, and obligations that the parties must meet in order to comply with data regulations while transferring data.

The guidance does not provide legal advice. However, we recommend that you read the complete Q&A instructions since it provides important information that can help in securing the transfer of personal data.

Also there is no obligation to use the SCCs. Controllers can use it voluntarily to demonstrate compliance with data protection rules, in which case is necessary a binding contractual agreement.

 

Read more: GDPR Article 3 and the Provisions on International Transfers as per Chapter V-New Guidelines by the EDPB

Source: https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf

Last updated: June 3, 2022

Article by Camelia Nastasi

Previous StoryMassive data breaches occur on a regular basis in Europe and the United States
Next StoryWhat are the benefits of the GDPR for your business?

SEARCH

CATEGORIES

  • CCPA (1)
  • consent management (2)
  • CPRA (2)
  • Cybersecurity (2)
  • Data Privacy Fines (2)
  • Data Protection Officer (1)
  • Data security and privacy (6)
  • GDPR (67)
  • GDPR fines (8)
  • GDPR guidance (10)

TAG CLOUD

2020 cookie policy data breach data privacy data protection facial recognition fines GDPR tik tok

ARCHIVES

  • October 2023 (1)
  • July 2023 (1)
  • June 2023 (2)
  • May 2023 (1)
  • April 2023 (2)
  • March 2023 (1)
  • February 2023 (1)
  • January 2023 (2)
  • December 2022 (1)
  • November 2022 (1)
  • October 2022 (1)
  • September 2022 (1)
  • August 2022 (1)
  • July 2022 (1)
  • June 2022 (3)
  • May 2022 (2)
  • April 2022 (1)
  • March 2022 (1)
  • February 2022 (1)
  • January 2022 (2)
  • December 2021 (1)
  • November 2021 (1)
  • September 2021 (1)
  • August 2021 (1)
  • July 2021 (2)
  • June 2021 (2)
  • May 2021 (2)
  • February 2021 (1)
  • January 2021 (1)
  • December 2020 (1)
  • November 2020 (4)
  • October 2020 (3)
  • September 2020 (1)
  • August 2020 (1)
  • July 2020 (2)
  • June 2020 (3)
  • May 2020 (2)
  • April 2020 (2)
  • February 2020 (1)
  • January 2020 (3)
  • December 2019 (3)
  • November 2019 (1)
  • July 2019 (3)
  • May 2019 (3)
  • March 2019 (2)
  • January 2019 (2)
  • December 2018 (3)
  • November 2018 (2)
  • September 2018 (1)
  • July 2018 (1)
  • June 2018 (1)

LATEST POSTS

  • tiktok fined
    TikTok Fined €345m, Appeals Data Privacy Fine Imposed by DPC
  • wordpress cookie consent
    WordPress Cookie Consent: Become Compliant with myConsentChoice
  • outsourced dpo
    Outsourced DPO: Improving Business Data Protection
  • how do spear phishing attacks differ from standard phishing attacks
    How Do Spear Phishing Attacks Differ from Standard Phishing Attacks?
  • biggest gdpr fines
    Meta, Facebook’s Parent Company, Hit with Enormous €1.2 Billion Fine for EU Rule Violations: Among the Biggest GDPR Fines Ever Imposed

QUICK LINKS

  • About Us
  • Resources
  • Privacy Policy
  • Terms
  • Manage Consent
  • Contact Us

Sovy GDPR Privacy Essentials

  • Subscription Benefits
  • Pricing
  • Log in
  • GDPR for Small Businesses
  • GDPR for Enterprises
  • GDPR for Sole Traders
  • GDPR for Charities

SOVY LOCATIONS

Ireland HQ

Registered Office
Woods House
Cannon Street, Kells
Co. Meath, A82 RF86
Ph: +353 (4)6 929-3537

Trading Office
St Gall's House
St Gall Gardens South
Milltown, Dublin 14
D14 Y882

Brussels

Rond-Point Schuman 11
1040 Brussels
Belgium

London

Registered Office
Kemp House
152-160 City Road
London EC1V 2N

Trading Office
9-10 Staple Inn
2nd Floor
London WC1V 7QH

New York

NY Metropolitan Area
2037 Lemoine Ave
Suite 452,
Fort Lee, N.J. 07024, USA

ASSOCIATIONS

Copyright © 2023 Sovy Trust Solutions Limited. All Rights Reserved. Registered in Ireland, No. 610835 and No. 605069