On 12 November, the Commission published its proposal for revised set of standard contractual clauses (SCCs). The SCCs are one of the safeguards for transfers of personal data outside of the European Economic Area (EEA) under the General Data Protection Regulation (GDPR). The proposal is open for consultation until 10 December.

The revised SCCs introduce several changes as compared to the clauses that are currently in force. These are among others:

  • provisions for multi-party use and the possibility of new parties to accede to them;
  • introduction of the processor-to-processor and processor-to-controller SCCs; and
  • possibility of using the SCCs by organisations established outside of the EU.

The clauses also specify the requirements for data exporters and importers in terms of impact assessment, reporting, documentation and obligations towards data subjects.

It is proposed that the old clauses will have to be replaced by the new ones within 12 months.