GDPR Update on Transfers Outside the EU

September 3, 2021
ATC Blog, Brexit, GDPR, News, Partners

The European Commission has published new GDPR Standard Contractual Clauses (SCCs) for transfers of personal data to third countries.

To securely transfer personal data to a third country outside the EU/EEA, a company must apply appropriate transfer safeguards. These safeguards help ensure that personal data is afforded a level of protection equivalent to that guaranteed within the EU.

Some third countries, such as the United Kingdom, are already deemed as adequate in their GDPR equivalence, but for the majority of third countries, other safeguards are needed.

To ensure sufficient levels of protection, companies can make use of GDPR Standard Contractual Clauses (SCCs) offering contractual safeguards for data transfers to a third country.

For the language services industry, the newly published new SCCs are significant, as they now cover transfer scenarios not previously captured by the old SCCs.

Previous versions of the GDPR SCCs only covered transfer scenarios controller-to-controller and controller-to-processor.

Among other updates, the new SCCs now also cover modular transfer scenarios for:

Processor-to-(sub-)processor
Processor-to-controller

The new SCCs now enable language service companies to apply standard contractual clauses for transfers of personal data to their freelance suppliers located in third countries.

New Standard Contractual Clauses

Read more about the GDPR SCC updates at:

European Commission adopts new tools for safe exchanges of personal data

Standard contractual clauses for the transfer of personal data to third countries

Standard contractual clauses between controllers and processors

EDPB recommendations on protection matters

Note that the ICO, the UK’s national data protection authority, has not yet updated its Guide to the UK General Data Protection Regulation (UK GDPR) to reflect the adoption of the new SCCs.

The old SCCs remain valid until 27 September 2021. Existing contracts and contracts concluded before 27 September 2021 based on the old SCCs remain valid until 27 December 2022.

EUATC Guide to GDPR and Personal Data in Translation

The ATC’s European umbrella body, the EUATC, will continue to monitor the changes in personal data protection regulations, and aims to provide further detailed guidance in the coming months as national data protection authorities’ guidance is updated.

Download the previous version of the EUATC Guide GDPR and Personal Data in Content for Translation in the ATC Member Area under My Benefits > ATC Guides.