Are your GDPR policies ready for the end of the year?


If you transfer personal data to Third countries (non-EU countries which are not covered by the so-called adequacy decision), you should implement one of the following safeguards:

  • binding corporate rules (“BCR”)
  • standard contractual clauses (“SCC”)
  • approved code of conduct (“COC”)
  • approved certification mechanism or
  • legally binding and enforceable instrument between public authorities or bodies.


Standard contractual clauses (“SCC”)

On 4th June 2021, the European Commission has issued a new set of Standard contractual clauses. The new SCCs will become mandatory for all companies (choosing this safeguard) as of 27th December 2022.


What if you transfer your data to the USA?

On 16th of July 2020, the Court of Justice of the European Union ruled out that the transfer of data from the EU to the USA based on the so-called privacy shield is illegal. Now data transfer to the USA is equated with transfer to other third countries.

In order to ease such transfer to the USA, on 25th March 2022, the European Commission and the USA announced that they have agreed in principle on a new Trans-Atlantic Data Privacy Framework.

In the next step, it is expected for the European Commission to draft (and later adopt) an adequacy decision (as a safeguard) thus easing the transfer of data between the EU and the USA.


Crowe is available to support you in regulation of personal data protection should you require further assistance.