BarbriSFCourseDetails
  • videocam On-Demand
  • card_travel Commercial Law
  • schedule 90 minutes

EU-Approved GDPR Standard Contract Clauses: Mandatory Assessments, Affirmative Obligations of Data Importers

$297.00

This course is $0 with these passes:

CLE
ALL
  1. keyboard_arrow_leftBack
BarbriPdBannerMessage

Description

SCCs are template data transfer agreements that allow data exporters to transfer data to countries outside the European Economic Area (EEA) that the European Commission identifies as providing an "inadequate" level of data protection (including Australia, Brazil, China, India, and the U.S. The prior SCCs (approved by the Commission over a decade ago) are perhaps the most popular data transfer mechanism under EU data protection law. The new SCCs reflect requirements under the GDPR and the Schrems II decision of the EU's highest court.

Counsel should prepare to identify which European personal data flows (including those involving employees, customers, suppliers, and affiliates) will be impacted, whether SCCs are necessary under the GDPR, and whether and who must comply with the (rigorous) obligations under the SCCs. Counsel must also assess whether, under Schrems II, the laws of the country where the data is imported (mainly U.S. law) are consistent with the SCCs and the EU law in general (including the Charter of Fundamental Rights of the EU and the GDPR) and if any "supplementary measures" are necessary to boost data protection.

U.S. and non-EU-based businesses must comply with the provisions requiring appropriate "transfer diligence" on customers and suppliers concerning data transfers. Counsel should work with companies to identify relevant contracts with customers, suppliers, and affiliates.

Listen as our expert panel addresses what the new SCCs mean for continued business in the EU and beyond. The panel will discuss best practices in updating contracts and policy provisions to comply with these standards.

Presented By

Gareth Kristensen
Partner
Cleary Gottlieb Steen & Hamilton LLP

Mr. Kristensen’s practice focuses on intellectual property, technology, and commercial contracts matters, particularly in the life sciences, financial services, and technology sectors. He advises leading multinational corporations, private equity firms, and high-growth companies on the IP, technology, and commercial contracts aspects of M&A, joint ventures and collaborations, complex carve-outs and business separations, capital markets offerings, and other significant corporate and commercial transactions. Mr. Kristensen’s commercial contracts experience includes collaboration, option, and licence agreements; manufacturing, supply, and distribution agreements; transitional services and IT infrastructure separation agreements; co-marketing and co-promotion agreements; consortium agreements; R&D services arrangements; IT outsourcings; business and digital transformation projects; and e-commerce arrangements. He also advises on the full range of legal issues relating to data, including data protection (GDPR), privacy, and cybersecurity matters.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Hakki Can Yildiz
Attorney
Cleary Gottlieb Steen & Hamilton LLP

Mr. Yildiz focuses his practice on data protection, cyber security, digital markets regulatory, and technology matters.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.


  • Live Online


    On Demand

Date + Time

  • event

    Tuesday, December 6, 2022

  • schedule

    1:00 p.m. ET./10:00 a.m. PT

  1. History
    1. Standard contractual clauses for DPAs
  2. The implementation of the new SCCs under Articles 46(1) and (2)(c) of the GDPR
  3. The implementation of the new standard contractual clauses for DPAs under Article 28(7) of the GDPR
  4. Timeline
    1. Old SCCs adopted under Directive 95/47/EC
    2. Old SCCs executed before Sept. 27, 2021
  5. Consequences

The panel will review these and other key topics:

  • What are the obligations for data importers, including importers acting as controllers, addressed in the new SCCs?
  • How do the new SCCs consolidate terms and allow controllers and processors to select the relevant clauses that apply on a modular basis?
  • How do the SCCs affect U.S.-based businesses and non-EU established data exporters to the extent the processing is subject to the GDPR under the extraterritorial reach of GDPR Article 3(2)?
  • What are the processor terms included in the new SCCs?
  • How are choice of governing law and jurisdiction affected by the SCCs?
  • How do the SCCs address the concerns raised by the CJEU in Schrems II?