What You Need to Know About the EC’s New Standard Contractual Clauses

What You Need to Know About the EC’s New Standard Contractual Clauses
by Jerry Levine

Say “hello” to the European Commission’s (EC) new Standard Contractual Clauses (SCC)! Very recently, the commission published its SCCs for all general counsels (GCs), and legal and compliance teams to enjoy.

The EC, which is the executive branch of the European Union (EU), proposes legislation, implements decisions, and manages the everyday business on behalf of the EU. It also adopts new tools for safer exchanges of personal data. On June 4, the EC adopted two sets of standard contractual clauses: one for use between controllers and processors, and another for the transfer of personal data to third countries.Standard contractual clauses help companies legalize transfers of personal data from outside of the European Economic Area.

“In Europe, we want to remain open and allow data to flow, provided that the protection flows with it.” Vera Jourová, the EC’s Vice-President for Values and Transparency, said in the commission’s press release. “The modernized Standard Contractual Clauses will help to achieve this objective: they offer businesses a useful tool to ensure they comply with data protection laws, both for their activities within the EU and for international transfers. This is a needed solution in the interconnected digital world where transferring data takes a click or two.”

By reflecting the latest requirements under the May 2016 General Data Protection Regulation (GDPR) — and taking into account the Court of Justice’s Schrems II judgment — the newly published SCCs directly address the realities now faced by organizations. Due to their standardization and pre-approval, the SCCs also provide companies with templates that are easy to implement. Companies can then meet all data protection requirements, confidently and quickly.

Benefits of the New Standard Contractual Clauses

But what are the new SCCs exactly, and what are the benefits? For the most part, their sole purpose is to help companies legalize transfers of personal data from outside of the European Economic Area. They will also serve as lawful mechanisms that U.K.-based companies can use. (Of course, organizations in the U.S. and other countries will need to be fully aware of this, too!)

Basically, controllers and processors can continue using the previous sets of SCCs for an additional three months and 20 days. After that period, you will have 18 months and 20 days to use the new SCCs. It’s also important to note that a number of regional organizations and third countries — on the basis of converging principles — have developed or issued their own SCCs. The EC, accordingly, will further increase its cooperation with global partners, to facilitate data transfers between different regions.

The next pressing question is “what do the new SCCs actually do?” For GCs and other legal professionals, the key takeaways are as follows:Standard contractual clauses provide flexibility for complex processing chains.

  • They give the clauses a much-needed GDPR “facelift” (Updates are completely in line with the GDPR)
  • They allow for several types of transfers — those between a processor and a sub-processor (A single entry-point covers a wide range of transfer scenarios, instead of different sets of clauses)
  • SCCs provide flexibility for complex processing chains (A ‘modular approach’ is taken, and more than two parties are permitted to join and use the clauses)
  • They address the requirements of the Schrems II judgment (A “practical toolbox” shows companies the different steps and ‘supplementary measures’, like encryption, they must take to comply with the Schrems II decision)

One Legal Platform

Ultimately, the EC’s announcement will make certain that all contracts and intra-group agreements contain the new SCCs, if and when personal data is transferred. Naturally, this will mean redrafting plenty of contracts and related documents, too. But if you’re a GC or a member of an in-house legal or compliance team, you don’t have to worry about this. (Really!) Not with an AI-driven legal automation system that looks into the totality of your legal document database. Not with a single data repository that helps keep track of, let alone manage, crucial contractual details.

Check out our Contract Risk and Compliance (CR&C) Data Sheet today. Find out how gaining deeper insights into every contract helps you to manage the risk profile of these vital company assets and make better decisions. Conveniently enough, the CR&C feature is included in the new ContractPodAi Cloud. As such, our unified legal platform can help you quickly identify agreements containing those older — now troublesome — Standard Contractual Clauses.

Jerry Levine

 Jerry Levine
 Connect with us on Linkedin



Request a demo

Contact us today for your personalised demo.