With the Commission Implementing Decision EU (2021/914 of June 4, 2021 the European Commission has adopted new standard contractual clauses, thus creating a legal basis for the transfer of data into “insecure” (third) countries pursuant to Art. 46 (2) lit. c GDPR.
These new standard contractual clauses are structured modularly and can be used for the following constellations:
- Transfer from controller to controller
- Transfer from controller to processor
- Transfer from processor to (sub-)processor
- Retransfer from processor in the EU to a controller in a third country