After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA). To avoid compliance risks associated with illegal transfers of personal data, any old SCCs should be updated to
Transfer Impact Assessment (TIA)
Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (remote worker) (different country)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Visual | Description and Implications |
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company |
…
Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Visual | Description and Implications |
|
…
Data Transfers from European Companies to Their Non-European Affiliates
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A-1 (EEA) → Controller A-2 (Non-EEA)
Visual | Description and Implications |
|
…
Data transfers from a European controller to a second European controller to a non-European controller
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A (EEA) → Controller B (EEA) → Controller C (Non-EEA)
Visual | Description and Implications |
|
…
Data transfers from a controller in the EEA, to another controller in the EEA, to a processor outside of the EEA
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A (EEA) → Controller B (EEA) → Processor Z (Non-EEA)
Visual | Description and Implications |
|
…
Data Transfers from Data Subjects in the EEA to non-EEA Processors of EEA Controllers
Controller A (Non-EEA) → Processor Z (Non-EEA) → Sub-processor Y (EEA) → Controller A (Non-EEA) (same country)
Visual | Description and Implications |
|
…