EU-Approved GDPR Standard Contract Clauses: Mandatory Assessments, Affirmative Obligations of Data Importers

Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
- work Practice Area
Commercial Law
- event Date
Tuesday, December 6, 2022
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
The CLE course will guide counsel on the Standard Contractual Clauses (SCCs) released by the European Union in 2021. The SCCs address the compliance requirements for cross-border data transfers under the EU's General Data Protection Regulation (GDPR). The panel will address what the EU has instituted and how the SCCs resolve certain practical issues companies face when using the older versions but simultaneously introduce obligations for businesses that transfer personal data out of the EU. The panel will also discuss the released set of SCCs to address GDPR Article 28 requirements for controller-to-processor personal data transfers within the European Economic Area (EEA).
Faculty

Mr. Kristensen’s practice focuses on intellectual property, technology, and commercial contracts matters, particularly in the life sciences, financial services, and technology sectors. He advises leading multinational corporations, private equity firms, and high-growth companies on the IP, technology, and commercial contracts aspects of M&A, joint ventures and collaborations, complex carve-outs and business separations, capital markets offerings, and other significant corporate and commercial transactions. Mr. Kristensen’s commercial contracts experience includes collaboration, option, and licence agreements; manufacturing, supply, and distribution agreements; transitional services and IT infrastructure separation agreements; co-marketing and co-promotion agreements; consortium agreements; R&D services arrangements; IT outsourcings; business and digital transformation projects; and e-commerce arrangements. He also advises on the full range of legal issues relating to data, including data protection (GDPR), privacy, and cybersecurity matters.

Mr. Yildiz focuses his practice on data protection, cyber security, digital markets regulatory, and technology matters.
Description
SCCs are template data transfer agreements that allow data exporters to transfer data to countries outside the European Economic Area (EEA) that the European Commission identifies as providing an "inadequate" level of data protection (including Australia, Brazil, China, India, and the U.S. The prior SCCs (approved by the Commission over a decade ago) are perhaps the most popular data transfer mechanism under EU data protection law. The new SCCs reflect requirements under the GDPR and the Schrems II decision of the EU's highest court.
Counsel should prepare to identify which European personal data flows (including those involving employees, customers, suppliers, and affiliates) will be impacted, whether SCCs are necessary under the GDPR, and whether and who must comply with the (rigorous) obligations under the SCCs. Counsel must also assess whether, under Schrems II, the laws of the country where the data is imported (mainly U.S. law) are consistent with the SCCs and the EU law in general (including the Charter of Fundamental Rights of the EU and the GDPR) and if any "supplementary measures" are necessary to boost data protection.
U.S. and non-EU-based businesses must comply with the provisions requiring appropriate "transfer diligence" on customers and suppliers concerning data transfers. Counsel should work with companies to identify relevant contracts with customers, suppliers, and affiliates.
Listen as our expert panel addresses what the new SCCs mean for continued business in the EU and beyond. The panel will discuss best practices in updating contracts and policy provisions to comply with these standards.
Outline
- History
- Standard contractual clauses for DPAs
- The implementation of the new SCCs under Articles 46(1) and (2)(c) of the GDPR
- The implementation of the new standard contractual clauses for DPAs under Article 28(7) of the GDPR
- Timeline
- Old SCCs adopted under Directive 95/47/EC
- Old SCCs executed before Sept. 27, 2021
- Consequences
Benefits
The panel will review these and other key topics:
- What are the obligations for data importers, including importers acting as controllers, addressed in the new SCCs?
- How do the new SCCs consolidate terms and allow controllers and processors to select the relevant clauses that apply on a modular basis?
- How do the SCCs affect U.S.-based businesses and non-EU established data exporters to the extent the processing is subject to the GDPR under the extraterritorial reach of GDPR Article 3(2)?
- What are the processor terms included in the new SCCs?
- How are choice of governing law and jurisdiction affected by the SCCs?
- How do the SCCs address the concerns raised by the CJEU in Schrems II?
Related Courses
Recommended Resources
Navigating Modern Legal Challenges: A Comprehensive Guide
- Business & Professional Skills
- Career Advancement
How to Build a Standout Personal Brand Without Sacrificing Billable Hours
- Career Advancement