Last week, following a lengthy review, the European Commission has finally approved an updated version of the Standard Contractual Clauses (SCCs) to govern data transfers. Companies will have approximately 18 months to overhaul and adapt their data agreements and privacy practices to meet the requirements of the new SCCs.

This may be a familiar situation for US-based and other non-EU companies. Back in 2018, the General Data Protection Regulation (GDPR) was passed in Europe and permanently changed the privacy legal landscape for both EU companies as well as companies abroad. Non-EU companies who did not normally fall under the jurisdiction of EU authorities suddenly found themselves subject to the extra-territorial scope of the GDPR. Even more, other non-EU companies outside the direct scope of GDPR found themselves indirectly subject to GDPR, due to their receipt and processing of EU personal data. Given the hefty fines that can be levied for violations of GDPR, companies had no choice but to overhaul their data agreements and privacy practices to comply.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]