In July 2020, the CJEU resolved the now famous Schrems II case, which, in practice, invalidated the Privacy Shield, which has so far been the basis for transferring personal data to countries outside the European Union. As a consequence of this judgment, EU bodies began work on preparing new guidelines for the legal and secure transfer of data to third countries such as the USA, for example.
One of the results of this work is the draft implementing decision prepared by the European Commission on standard contractual clauses (SCC) and the draft of new clauses. The draft proposed by the European Commission is an important suggestion for organisations which process data and helps to define their duties in the area of data management depending on the role of a given organisation.
The document can be accessed at the following link: https://tiny.pl/789gg
The draft will be subject to public consultation by 10 December, and the final form will probably be drawn up at the beginning of 2021, which will then be put to the vote of the Member States. Nevertheless, it is already worth looking at the draft if your company transfers personal data to third countries.
Author: Aleksandra Hajdukiewicz, Trainee Attorney-at-law, associate at Kołecka Law Firm