European Commission issued the modernized Standard Contractual Clauses (SCCs) for data transfers between EU/EEA and non-EU/EEA countries

On 4 June 2021, the European Commission issued the modernized standard contractual clauses under the General Data Protection Regulation (the GDPR) for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the GDPR) to controllers or processors established outside the EU/EEA (and not subject to the GDPR). The text of the final working document is available on the official EU website here.

These SCCs will replace the three sets of SCCs that were adopted under the previous Data Protection Directive 95/46/EC.

Please note that SCCs ensuring appropriate data protection safeguards may be used as a ground for data transfers from the EU/EEA to third countries. In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. Such appropriate safeguards may consist of making use of, inter alia, these standard data protection clauses adopted by the European Commission. Those safeguards should ensure compliance with data protection requirements and the rights of the data subjects appropriate to processing within the European Union, including the availability of enforceable data subject rights and of effective legal remedies, including to obtain effective administrative or judicial redress and to claim compensation, in the European Union or in a third country (see recital 108 of the GDPR).