The day the data protection world has been waiting for has finally arrived. Today, the European Commission published draft updated standard contractual clauses (“SCCs”), over two years after the GDPR came into force. Each clause has different modules depending on whether the transfer of data is C2C, C2P, P2C or P2P, and additional "Schrems II" warranties and notification provisions for local law issues have been added.
Being open for comments until 10 December (and then inevitably taking further time to finalise) will raise many immediate questions for companies after the initial excitement and read-through. Specifically, will most now hold off putting in place new SCCs for Schrems II or Brexit until these new ones are finalised, and if so, what risk does this gap in compliance bring about? We hope the EC and data protection authorities will help answer these questions quickly.