Compliance Briefing — EU adopts new GDPR Standard Contractual Clauses
On 4 June 2021 the European Commission adopted modernized Standard Contractual Clauses for GDPR cross-border data transfers, adding Schrems II transfer-impact assessment obligations and modular terms for different roles.
The European Commission approved updated Standard Contractual Clauses (SCCs) on 4 June 2021. The new clauses feature modular provisions for controller and processor relationships, streamlined docking for multiple parties, and mandatory transfer-impact assessments to align with the Schrems II ruling.
Privacy officers should inventory contracts relying on legacy SCCs, plan migration before the EU sunset deadlines, and document supplementary measures—such as encryption and access controls—to justify data flows to third countries.
Continue in the Compliance pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Third-Party Risk Oversight Playbook — Zeph Tech
Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.
-
Compliance Operations Control Room — Zeph Tech
Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.
-
SOX Modernization Control Playbook — Zeph Tech
Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.