DE | EN | RU

info@winheller.com+49 (0)69 76 75 77 80Mon. - Fri. from 8am to 8pm, Sat. from 8am to 5pm

EU Commission Adopts New GDPR Standard Contractual Clause

Jun 30, 21 • Privacy LawNo Comments

EU Commission adopts new GDPR standard contractual clauseWith the new standard contractual clause, the EU Commission has introduced an important instrument for international data transfer. But what are the implications of this decision for controllers and processors in Germany?

What is a standard contractual clause?

Data transfer outside the EU/EEA must comply with the level of protection stipulated in the GDPR. In the absence of an adequacy decision by the EU Commission, the contracting parties must guarantee this level themselves. The new standard contractual clause presents such a guarantee. It requires its users to comply with the GDPR level of protection.

Uniform new standard clause

Previously, data exporters had to assess whether and which security measures were necessary to ensure the level of protection on a case-by-case basis. The purpose of the new standard clause is to standardize this. It merges the previously existing clauses into one modular clause. Moreover, it contains provisions on liability. The parties are permitted to determine the place of jurisdiction and the applicable law themselves. This makes the conclusion of a contract more flexible, but it is also more time-consuming. In addition, the parties must contractually ensure that no legal provisions prevent them from fulfiling their obligations under the clause. This should enable the parties to incorporate their individual experience in dealing with legislation and authorities. However, this clause could still be overturned by the European Court of Justice (ECJ).

Replacement of previous standard contractual clause by the end of 2022

By December 27, 2022, companies are required to have replaced all previously concluded standard contractual clauses for data transfers to third countries with the new version of the clause. This yields two action steps that companies should take now.

  1. First, it is necessary to examine which data are transmitted on the basis of previous clauses.
  2. Companies should then urge their contracting parties in third countries to agree to the new standard clause.

Indeed, the conclusion can be extremely time-consuming due to the necessary risk assessment and negotiations on appropriate measures. We are happy to support you in properly assessing the risk and finding GDPR-compliant measures.

Continue reading:
Creating a data protection concept for your company
Challenge in Data Protection: Data Transfer From the EU to the USA and Great Britain

Stefan Winheller

Attorney Stefan Winheller has specialized in tax law for about 20 years, especially in the areas of cryptocurrencies, foundations/nonprofits and international tax law.

>> show profile

Leave a Comment

Your email address will not be published. Required fields are marked with *

WINHELLER Blog via Newsletter

Subscribe to our free newsletter and receive regular updates on German business law by e-mail. (Mandatory fields are marked with *)

German Business Law News (4 times a year)
I would like to subscribe to the selected newsletter and for that purpose give my consent to WINHELLER to process my above mentioned data. I have read the "Information for Data Processing in the Newsletter Subscription". I understand that I can revoke my consent at any time with effect for the future by clicking the unsubscribe button within the newsletter. *