GDPR: Only six weeks until the new standard contractual clauses take effect

11/21/2022
Reading time 1 Minute

Standard contractual clauses for the transfer of personal data into countries outside the GDPR’s scope of application are often used to conduct these transfers in accordance with the GDPR. Companies and organizations already using such standard contractual terms must definitely update them by December 27, 2022. Violations will entail severe fines.

With the Commission Implementing Decision EU (2021/914 of June 4, 2021 the European Commission has adopted new standard contractual clauses, thus creating a legal basis for the transfer of data into “insecure” (third) countries pursuant to Art. 46 (2) lit. c GDPR.

These new standard contractual clauses are structured modularly and can be used for the following constellations:

Transfer from controller to controller
Transfer from controller to processor
Transfer from processor to (sub-)processor
Retransfer from processor in the EU to a controller in a third country

Law

GDPR: Only six weeks until the new standard contractual clauses take effect

European Court of Justice questions business model for auctioning personal data for online advertising purposes

German Federal Fiscal Court: Profit from sale of an employee shareholding at arm’s length conditions does not qualify as wage or salary

Legally questionable model clause: EU Commission’s FAQ on mandatory “no re-export to Russia clause” in contracts