On November 12, 2020, the European Commission published draft implementing decisions on standard contractual clauses for data transfers to processors located in the European Union and to recipients in non-EU countries.
CEDPO welcomes the adoption of standardized clauses fostering a harmonised application of the GDPR. Also, the consistency with the GDPR and the ECJ risk-based approach have to be considered important achievements of the new clauses, especially in regard to data transfers outside the European Union. Furthermore, the Draft SCCs for non-EU data transfers take into account various processing scenarios, including data transfers from a processor located in the EU to another processor in a third country which have not been been covered by the existing implementing decisions.
As representing controllers and processors and especially the data protection officers of such organisations, CEDPO nonetheless sees potential improvements to be made after the consultation period in order to balance the interest of the different stakeholders from a practical point of view.
You can download the CEDPO comments here.