Case study: Multinational company replacing EU SCCs


The EU GDPR and the UK GDPR both restrict cross-border transfers of personal data, as explained on our page on International data transfers

Making a restricted transfer subject to standard contractual clauses (SCCs) approved by the European Commission is one of the appropriate safeguards allowed for by the EU GDPR. In June 2021, the European Commission released new SCCs. Organisations can only continue to rely on earlier SCCs for contracts entered into before 27 September 2021 until 27 December 2022. After that date, earlier SCCs will not provide an appropriate safeguard for making restricted transfers of personal data – only the June 2021 EU SCCs will provide the appropriate safeguard. 

For a global organisation, updating all existing contracts that rely on old EU SCCs to cover restricted transfers of personal data with new EU SCCs is a significant project. One multinational company approached us for help with this process for contracts with more than 2,000 suppliers from a wide range of sectors, markets and jurisdictions.

How we helped

We have worked with a wide range of stakeholders from across the multinational company, including procurement, legal, information security and business contacts, to:

  • Address questions from suppliers at first instance to resolve minor queries where possible.
  • Support with any negotiations associated to variable aspects of the new EU SCCs, including security measures and changes to previously negotiated positions.
  • Advise on risks and the scope of the updates.
  • Help conclude supplier discussions in a pragmatic and efficient manner.
Our experience

 

We tailored our advice to support on key priorities for the business while ensuring compliance with the regulatory requirements.

Outcomes

Our advice on the scope of the EU SCCs requirements has helped to significantly reduce the number of suppliers that our client has needed to engage with, allowing the client to focus on suppliers of key importance, risk, and complexity.

Data protection hub

View the hub now to explore additional legal resources.
Go to the hub

Stay informed

Our latest articles, events and webinars on data protection law.
Read more