GDPR update on transfers outside the EU announced

The European Commission has published new GDPR Standard Contractual Clauses (SCCs) for transfers of personal data to third countries, which will impact on the operations of Language Service Companies.

Commenting, Raisa McNab, CEO of the EUATC’s founding member, the Association of Translation Companies (ATC), who was commissioned to develop EUATC Guide GDPR and Personal Data in Content for Translation says:

“To securely transfer personal data to a third country outside the EU/EEA, a company must apply appropriate transfer safeguards. These safeguards help ensure that personal data is afforded a level of protection equivalent to that guaranteed within the EU.

“Some third countries, such as the United Kingdom, are already deemed as adequate in their GDPR equivalence, but for the majority of third countries, other safeguards are needed.

“To ensure sufficient levels of protection, companies can make use of GDPR Standard Contractual Clauses (SCCs) offering contractual safeguards for data transfers to a third country.

“For the language services industry, the newly published new SCCs are significant, as they now cover transfer scenarios not previously captured by the old SCCs.”

Previous versions of the GDPR SCCs only covered transfer scenarios controller-to-controller and controller-to-processor.

Among other updates, the new SCCs now also cover modular transfer scenarios for:

  • Processor-to-(sub-)processor
  • Processor-to-controller

The new SCCs now enable language service companies to apply standard contractual clauses for transfers of personal data to their freelance suppliers located in third countries.

Read more about the GDPR SCC updates at:

European Commission adopts new tools for safe exchanges of personal data

Standard contractual clauses for the transfer of personal data to third countries

Standard contractual clauses between controllers and processors

EDPB recommendations on protection measures

warns “National data protection authorities in individual EU member countries may not yet have updated their guidance on the new SCCs.

The old SCCs remain valid until 27 September 2021. Existing contracts and contracts concluded before 27 September 2021 based on the old SCCs remain valid until 27 December 2022.

The EUATC will continue to monitor the changes in personal data protection regulations, and aims to provide further detailed guidance in the coming months as national data protection authorities’ guidance is updated

EU Commissioner for Justice, Didier Reynders, said: “In our modern digital world, it is important that data can be shared with the necessary protection – inside and outside the EU. With these reinforced clauses, we are giving more safety and legal certainty to companies for data transfers. After the Schrems II ruling, it was our duty and priority to come up with user-friendly tools, which companies can fully rely on. This package will significantly help companies to comply with the GDPR.”