EU Adopts New Tools to Safely Transfer Personal Data

EU Adopts New Tools to Safely Transfer Personal Data

The European Commission on the 4th of June adopted two sets of standard contractual clauses, one for use between controllers and processors and another EU tools for the transfer of personal data to the third-party countries. These clauses are indicative of new requirements under the General Data Protection Regulation (GDPR) and take into account the Schrems II judgment of the Court of Justice, ensuring a high level of data protection for citizens.

These tools will offer more legal predictability to the European businesses and will assist the SMEs to ensure requirements for safe data transfers, while facilitating data to move freely across borders, without any unnecessary legal obligations to adhere to.

The vice president of Values and Transparency Vera Jourová said, “In Europe, we want to remain open and allow data to flow, provided that the protection flows with it. The modernized Standard Contractual Clauses will help to achieve this objective: they offer businesses a useful tool to ensure they comply with the laws of data protection, both for their activities within the EU & for international transfers. This is a needed solution in the interconnected digital world where transferring data takes a click or two.”

Didier Reynders, the Justice Commissioner of the European Union accentuates the importance of sharing data with the necessary protection, inside and outside of the European Union. He detailed that the reinforced clauses are permitting the European Union (EU) to give more legal safety and legal certainty to companies for data transfers. 

He further added that once the Schrems II rolled out, it was the duty & priority of the European Union to come up with user-friendly tools that the end-users could completely rely on. He seemed assured that the complete package will significantly help the companies comply with GDPR.

How the Main Innovations Introduced Under the General Data Protection Regulation Address the Realities Faced By Modern Businesses

The Standard Contractual Clauses (SCCs) provide companies with an easy-to-implement template and the companies understand that when they use these templates they meet the data protection requirements.

Main innovations of the new standard contractual clauses are enlisted under:

  1. Upgradation in alignment with the General Data Protection Regulation (GDPR)
  2. A single entry-point covering an array of transfer scenarios and not the separate and discrete set of clauses
  3. More flexibility for the complex processing chains by adopting a modular approach and by offering the possibilities for multiple parties to join and use the clauses
  4. A practical toolbox complying with the Schrems II judgment covering an overview of different steps that the companies take to comply with Schrems II judgment including an overview of different steps that the companies have to take to comply with Schrems II judgment as well as the examples of possible supplementary measures such as encryption, that company may benefit from if required

A Background of GDPR

The General Data Protection Regulation (GDPR) was legally enforced on 25th May 2018 and came with the standard contractual clauses that are standardized and have pre-approved model data protection clauses that can be incorporated into contractual agreements voluntarily, providing an easy-to-implement tool to comply with the data protection requirements.

To support the relationship between the controllers and the processors, the Commission can adopt the standard contractual clauses as a tool to help demonstrate compliance with GDPR. Additionally, the commission can adopt standard contractual clauses providing data protection safeguards for data to be transferred internationally.On the 16th of July 2020, the Court of Justice confirmed the validity of the European Union’s Standard Contractual Clauses for the transfer of personal data to processors outside the EU/EEA (“SCCs”) while validating the EU-U.S Privacy Shield. Thus, the Court has deserted the equation of international data flows under European Union’s comprehensive data protection regime. The GDPR can continue to be following the norms of the EU Standard Contractual Clauses, while further clarifying the clauses under which they were used.

Leave a Reply