Companies that rely on standard contractual clauses (“SCCs”) for transferring personal data from the European Economic Area (“EEA”) to jurisdictions not considered to offer an adequate level of data protection under the EU General Data Protection Regulation must ensure that none of their existing contracts use the old SCCs after 27 December 2022.

Businesses are required to update their existing contracts with customers, vendors and entities in their corporate group to include the European Commission’s new SCCs to legally transfer personal data from the EEA to non-adequate jurisdictions (such as the United States).

Continue reading.