Edpb Standard Contractual Clauses 2020

The European Data Protection Board (EDPB) has released the updated Standard Contractual Clauses (SCCs) in response to the General Data Protection Regulation (GDPR) requirements for international data transfers. These clauses serve as a legal framework for the sharing of personal data between controllers and processors outside of the European Economic Area (EEA).

The new SCCs, which were approved on June 4th, 2021, are a comprehensive set of clauses that provide legal certainty for businesses when transferring personal data across borders. They are designed to ensure a high level of protection for personal data, and enable businesses to comply with GDPR requirements.

The 2020 SCCs introduced a number of changes, including the fact that they are designed to support data transfers from GDPR-regulated entities to non-EU/EEA countries. They also propose a modular approach to provide flexibility to controllers and processors to adapt the clauses to their specific needs.

There are three sets of clauses in the 2020 SCCs: one for transfers between controllers, one for transfers between controllers and processors, and one for transfers between processors. The clauses are tailored to different relationships and scenarios that may occur between entities.

The new SCCs take into account the latest legal developments arising from the Schrems II judgment of the Court of Justice of the European Union (CJEU), which invalidated the EU-US Privacy Shield. They emphasise the need for businesses to assess data protection risks in the context of the transfer and take appropriate measures to mitigate any risks to personal data.

The 2020 SCCs also set out additional safeguards that businesses must put in place to ensure compliance with GDPR requirements. These include measures such as encryption, pseudonymisation, and regular security assessments.

In conclusion, the EDPB`s release of the updated Standard Contractual Clauses provides a comprehensive legal framework for businesses to transfer personal data across borders while complying with GDPR requirements. The modular approach and additional safeguards offered by the SCCs provide much-needed flexibility and assurance to businesses, which will enable them to continue operating in a global environment while ensuring the protection of personal data.