Description

EC implements two sets of SCCs ensuring data protection

The two sets of standard contractual clauses adopted by the European Commission in June 2021 are now implemented. There had been a grace period since September 2021. The first clause is to be used between controllers and processors, while the second clause was adopted with the purpose of facilitating personal data transfer to third countries all while ensuring high-quality data protection for citizens.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
supranational
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2020-11-12
under deliberation

EC publishes draft Standard Contractual Clauses for cross-border data transfers to countries whose …

2021-06-04
adopted

The European Commission adopts two sets of standard contractual clauses. The first clause is to be …

2021-09-27
in grace period

The two sets of standard contractual clauses adopted by the European Commission in June 2021 are no…

2022-12-27
in force

The two sets of standard contractual clauses adopted by the European Commission in June 2021 are no…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): transfer (any destination)
Regulatory tool
Risk or other impact assessment requirement
Regulator notification requirement
Registration requirement
User right to information about third-parties, with which data has been shared
Standard contractual clauses requirement
Sanctions
Determined by existing law or regulation
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): transfer (any destination)