The Clock is Ticking: Are Your Contract Terms Out-of-Date for Transfers of Personal Data Subject to the GDPR?

[Things don’t stand still in the world of data privacy. Check out our updates about the EU Adequacy Decision and next steps:, and background here – Third Time Lucky? Personal Data Transfers between the U.S., EU, UKDraft EU “Adequacy Decision” for Data Transfers to U.S. Now What?]

Does the European Union (“EU”)’s General Data Protection Regulation (GDPR”) apply to your  contracts’ transfers of Personal Data from the European Economic Area (“EEA”) to a country (such as the United States) that the EU deems to lack “adequate” safeguards?

  • If so, do you rely on contract terms to permit such cross-border transfers? 
  • If yes, it’s time to check your contracts – do they have the current SCCs for international transfers (Commission Implementing Decision (EU) 2021/914, aka “new” SCCs”)? 
    • The grace period to transition from earlier SCC versions (where entered into by September 27, 2021) ends December 27, 2022

By Kathy O’Sullivan, Esq. (CIPP/E, CIPP/US)

Looking to learn about information technology contracts? Tech Contracts Academy offers public and in-house trainings

© 2022 by Tech Contracts Academy, LLC. All rights reserved.

Thank you to for great, free stock images.

Share the Post:

Related Posts