The European Commission has adopted two sets of standard contractual clauses, one for use between controllers and processors and one for the transfer of personal data to third countries. They reflect the new requirements of the General Data Protection Regulation (GDPR) and take into account the Schrems II judgment of the Court of Justice, ensuring a high level of data protection for citizens. These new tools will provide greater legal predictability to European businesses and, in particular, help SMEs to ensure compliance with data transfer security requirements, while allowing data to flow freely across borders, without legal barriers.
Vice President for Values and Transparency Vera Jourová said: “In Europe, we want to stay open and allow data to flow, provided that protection ensues. The modernized standard contractual clauses will help achieve this goal: they offer businesses a useful tool to ensure that they comply with data protection laws, both for their activities within the EU and for international transfers. . It is a necessary solution in the interconnected digital world where data transfer takes a click or two.
Justice Commissioner Didier Reynders said: “In our modern digital world, it is important that data can be shared with the necessary protection – inside and outside the EU. With these strengthened clauses, we give more security and legal certainty to companies for data transfers. After the Schrems II judgment, it was our duty and our priority to offer user-friendly tools on which companies can fully rely. This package will significantly help businesses comply with GDPR.
More information is available here.