Law 365's Microsoft fluent legal experts help Microsoft Partners grow their business through quick, affordable and accessible legal services.

Commercial Legal Services

Our experienced commercial lawyers have got you covered with expert advice, rapid contract review and timely negotiation.

HAPPY 365

Employment services and people development combined to create HAPPY 365 - designed to help you grow a happy workplace.

Top visited contracts and agreements

View our most popular contracts, where we break down legalese, and reveal the FAQs Microsoft Partners are asking us.

Helping Microsoft Partners grow with less risk

Inside the UK's Top Microsoft Partners

Microsoft Partner Insights Front Cover 350 x 483

 

6 min read

New EU SCCs – Are you prepared?

Featured Image

While day-to-day life may have come to a grinding halt during the pandemic, the same certainly cannot be said for the world of data protection.

As we now enter spring, the frost on the ground starts to disappear, and we enter a new quarter; the deadline for the implementation of the New EU Standard Contractual Clauses (SCCs) is 9 months away.


Who is this update for?

If you’re subject to the EU GDPR (e.g. because you have an office, customers or monitor individuals in the European Economic Area - EEA) then it’s time to make sure all your contracts are in order. If the last 12 months are anything to go by, the 27th of December 2022 will be here before you can say Omicron variant!

This update includes:

Do you need to do anything?

An easy flowchart to determine if you're needing to act on the new EU SCC rules. view the EU SCCS flowchart in full size here.

SCC Infographic 700 width border (1)


Since Brexit

In the relatively short space of time since the end of the Brexit transition period, we’ve had:

Of these recent developments it is perhaps the publication of the new EU Standard Contractual Clauses (SCCs), and impending discontinuing of the old EU SCCs, which organisations need to be acutely aware of given the deadlines for implementing the new EU SCCs into contracts (where necessary).

Note: The new SCCs do not (yet) apply to transfers of personal data from the UK to third countries (countries who do not have adequate levels of data protection of the EU standards). See the timetable below for more details.

 
 

 

What's changed with EU Standard Contract Clauses (SCCs)?

Earlier this year the European Commission (“Commission”) published new EU Standard Contractual Clauses (“SCCs”), which, as of 27 September 2021, repealed and replaced the old EU SCCs.

As you may be aware, SCCs provide a practical, and often used, solution for companies to transfer personal data from the EU to those countries outside of the EEA (European Economic Area) not deemed to provide equivalent protections to the EU GDPR  (“third countries”).

 

With the old EU SCCs having now been repealed, the Commission have set a deadline of 27 December 2022 for companies to ensure that:

(a) all new contracts entered into from 27 September 2021 incorporate the new EU SCCs where necessary and;

(b) all existing contracts relying on the old EU SCCs as a transfer tool are updated to replace the old with the new EU SCCs.

 

 

What do you need to do?

If you are a company subject to the EU GDPR and relying on the old EU SCCs to transfer personal data to third countries:

(1) Stop using the old EU SCCs for any new contracts and start using the new EU SCCs.

(2) Audit your existing contracts, including intra-group data sharing agreements (“DSA”), to identify and amend all that incorporate the old EU SCCs. 

If you would like us to carry out this audit process and incorporate the new EU SCCs where applicable, this will count as a total of one credit* if you are an existing subscription client, otherwise starting from £500 + VAT* (*price/credit dependent on how many SCCs/contracts require amending).


(3) If you don’t want us to review your current arrangements. The new SCC templates are available to download at Standard Contractual Clauses (SCC) | European Commission (europa.eu). 


Please note, it is important to ensure that each contract is assessed on a case-by-case basis and not take a blanket approach to amending your contracts because of the modular approach to the new EU SCCs (see the attached PowerPoint for further detail on this).

As a separate point - If you require an intra-group DSA with the relevant SCCs, but do not currently have one in place, we would be happy to draft this for you. Please do get in touch!

 

 

Do you need the new EU SCCs if transferring personal data to third countries from the UK?

No, the new EU SCCs are not recognised in the UK and UK based companies can continue using the old EU SCCs for transfers from the UK to third countries until such time as the ICOs final version International Data Transfer Agreement (“IDTA”) is published.

Please note, although UK companies do not need to do anything right now with regard to the new EU SCCs, we recommend preparing for the IDTA in advance of it coming into force by carrying out the audit process set out at point (2) above.

 


 

Timetable for the New EU SCCs

Organisations transferring personal data from the EU to ‘third countries’ will need to be ready to incorporate the new EU SCCs into their contractual agreements in accordance with the following timetable:

27 June 2021

The new EU SCCs were made ready for use. However, organisations are still able to use the old EU SCCs in new and existing contracts.

27 September 2021

The old EU SCCs are repealed and no new contracts can be signed which incorporate them as a transfer mechanism  for all new contracts, the new EU SCCs must be used. 

27 December 2022

Deadline for ensuring all existing contracts are amended to remove the old EU SCCs and incorporate the new EU SCCs.

Please note, the above timeline only applies to transfers of personal data from the EU to ‘third countries’, and organisations caught within this criteria should certainly review their existing contractual arrangements and intra-group transfer agreements that rely on the old EU SCCs as a valid transfer mechanism.

 


View our PowerPoint to find out more


Law 365 The New EU Standard Contractual Clauses (SCCs) from KimSimmonds

 


How can we help?

If you've got a questions surrounding the new EU SCCs, get in touch with our experts on our Get Started page.

This is part of our data protection series. Read more here: 

Fancy a natter about legal matters?

Are legal worries getting you down? Let the Law 365 team help you grow your business with less risk.

What makes us different?

  • We only work for Microsoft Partners, just like you.
  • We offer our services as a monthly subscription – so you can budget your legal costs for the year. No surprises.
  • We’re your  'in-house’ legal team, but we won’t bog you down in legal jargon.
  • We’ll work at your pace to get deals over the line. Fast.

Call us on 01892 313 943 or drop us a note at hello@law365.co


Law 365 – The Award-Winning Microsoft Partner Law Firm

Enjoyed this article?

Read some of our other Insights.

16 min read

1. Microsoft Partner Insights 2022 – Benchmarking Research

Welcome to the 2022 edition of Law 365’s Microsoft Partner Insights.  We teamed up with Incredible Results, analytics...
14 min read

2. Microsoft Partner Insights 2022 – Financial Review

What a year 2021 was! Just as 2020 brought a myriad of opportunities and threats, 2021 presented all Microsoft Partners...
9 min read

3. Microsoft Partner Insights 2022 – Recruitment

They say you can’t have a world-class business without world-class employees, and the competition in the marketplace...
Discover more insights