The European Commission has published the draft decision and standard contractual clauses (attached), with a view to remodelling SCCs under the new legislation on the protection of personal data and in the light of the “Schrems II” judgment of the EU Court of Justice.
SCCs are a useful tool for implementing data transfers outside the European Economic Area, according to Article 46 GDPR, subject to appropriate safeguards.
The new set is composed of 4 “modules” for each transfer:
1) “Controller to Controller”;
2) “Controller to Processor”;
3) “Processor to Processor”;
4) “Processor to Controller”.
The drafts have been open for public consultation until December 10.
A “buffer period” of one year, from the entry into force of the Decision, is foreseen. It allows the actors to use the previous set of SCCs, supplemented with additional measures to ensure that transfers are carried out with due guarantees in line with the provisions of art. 46 paragraph 1 GDPR.