All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from
Deadline: ‘Old’ Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022
After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA). To avoid compliance risks associated with illegal transfers of personal data, any old SCCs should be updated to…
Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Is a company permitted to transfer personal information from Europe to the United States in conjunction with discovery in US litigation?
The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use…
Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Visual | Description and Implications |
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company |
…
Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Visual | Description and Implications |
|
…
Data Transfers from European Companies to Their Non-European Affiliates
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A-1 (EEA) → Controller A-2 (Non-EEA)
Visual | Description and Implications |
|
…
Data transfers from a European controller to a second European controller to a non-European controller
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A (EEA) → Controller B (EEA) → Controller C (Non-EEA)
Visual | Description and Implications |
|
…
Data transfers from a controller in the EEA, to another controller in the EEA, to a processor outside of the EEA
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A (EEA) → Controller B (EEA) → Processor Z (Non-EEA)
Visual | Description and Implications |
|
…