Standard Contractual Clauses for the Transfer of Data to Third Country Controllers and Processors Subject to the GDPR will be Published in the Coming Days

On September 12, 2024 the European Commission has announced that it will publish a new set of standard contractual clauses, specifically designed to deal with the scenario where the imposter is directly subject to the GDPR.

The summary of this initiative is as follows;

• Standard contractual clauses (“SCCs”) are model data protection clauses that EU data exporters can incorporate into their contracts to transfer personal data to data importers in third countries in line with the requirements of the General Data Protection Regulation (“GDPR”).
• These clauses address the specific scenario where the data importer is located in a third country but is directly subject to the GDPR. They complement the existing SCCs, which can be used for data transfers to third country importers that are not subject to the GDPR.

A review of recent history;

• The 2021 SSCs contain 4 different modules for various transfer scenarios
• However, the Commission's implementing decision for the 2021 SCCs states that they can not be used where the importer is not itself directly subject to the GDPR.
• The Commission's FAQs on the 2021 SCCs also state that the clauses are not suitable for transfers to imposter directly subject to the GDPR, and that the Commission is working on a new set to deal with this scenario.
• These new SCCs did not materialise. In their absence, most companies decided to use the 2021 SCCs to cover this transfer scenario, regardless of the Commission's position.

The Commission has announced that it will be published SCCs for public consultation in fourth quarter of 2024 and Commission adoption in second quarter of 2025.

You can reach further information here .

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr