- The New EU SCCs will come into force on 27 June 2021 and data exporters subject to GDPR will have until 27 December 2022 to transition their existing arrangements to the new clauses.
- They are modular in approach and cover the following scenarios: C to C; C to P; P to P; P to C, with some general clauses applying to all the scenarios, and some tailored to each scenario.
- They will require the parties to carry out a Schrems II-style transfer impact assessment in respect of the local laws and practices of the destination country, but there is some flexibility for the parties to use their judgement based on the nature of the data transfer and their practical experience.
- They will increase the compliance and accountability burden, GDPR-style, on data importers which previously might not have been used to such measures.
- The new clauses are an improvement in some ways (particularly in terms of providing specifically for P-P transfers (a major gap in the old clauses)) and by incorporating Article 28 wording such that, when using the C-P module, the parties do not also have to enter into an Article 28-style DPA. However, the new SCCs do not improve the current duty on data exporters to consider where local laws may impact on the importer's ability to comply with the contract and the rather impossible obligation to then take some sort of corresponding action to address that. We can only hope for more guidance from the EDPB and the ICO soon on this difficult issue.