November 30, 2021

Volume XI, Number 334

Advertisement
Advertisement

November 30, 2021

Subscribe to Latest Legal News and Analysis

November 29, 2021

Subscribe to Latest Legal News and Analysis

Transition Period for Old Standard Contractual Clauses Ends

On September 27, 2021, the transition period allowing companies to continue using the old EU Standard Contractual Clauses (“SCCs”) for new transfers from the EU to a third country ended. Companies entering into new transfer agreements incorporating the SCCs must now use those published by the European Commission on June 4, 2021 (the “new SCCs”). Transfers from the UK that rely on SCCs must continue to use the old SCCs.

Background

On June 4, 2021, the European Commission published the final version of the implementing decision on SCCs for transfers of personal data from the EU to third countries under the EU General Data Protection Regulation (“GDPR”), as well as the final version of the new SCCs. The new SCCs provided for a transition period of three months, during which companies could continue using the old SCCs. As of September 27, 2021, companies entering into new transfer agreements must now use the new SCCs. Contracts signed before September 27, 2021 that already incorporated the old SCCs will remain valid until December 27, 2022 (provided that the old SCCs remain unchanged).

Use in the UK

The UK has not recognized the new EU SCCs and companies therefore cannot currently use them to legitimize data transfers from the UK. For the time being, companies must continue relying on the old SCCs to safeguard transfers of data from the UK. In due course, the UK international data transfer agreement (currently subject to a public consultation) will be available for transfers from the UK to a third country. As part of this proposal, the UK ICO has released a simple draft template Addendum to the EU SCCs, that (if adopted) would allow companies to adapt the new EU SCCs to work in the context of UK transfers.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 277
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement