Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Alerts
    4. The new standard contractual clauses are (finally) here

      Alerts

    Alert / Data Privacy & Cybersecurity

    The new standard contractual clauses are (finally) here

    June 8, 2021

    LinkedInX (Twitter)EmailCopy URL

    By Jenny Holmes

    What’s the Impact?

    • Updated SCCs break new ground by addressing processor-to-processor and processor-to-controller transfers.
    • The new SCCs require the parties to conduct a “transfer impact assessment” to determine whether the laws of the importing country have sufficient data protections for a lawful transfer.
    • Companies have a grace period to adjust to the new SCCs, as they can rely on the old SCCs for new transfers for the next three months.

    DOWNLOAD

    New standard contractual clauses (PDF)

    The Schrems II decision invalidated the EU-U.S. Privacy Shield and questioned the legitimacy of the standard contractual clauses (SCCs), leaving many multinational organizations wondering how to safely send or receive personal data originating inside the European Economic Area (EEA) outside the EEA. On June 4, 2021, the European Commission published their final version of the new SCCs.

    The new SCCs introduce a modular concept and follow in the footsteps of the old SCCs by addressing controller[1]-to-controller and controller-to-processor[2] transfers. The new SCCs break new ground by addressing processor-to-processor and processor-to-controller transfers. Additionally, reflecting the Schrems II decision, the new SCCs require the parties to conduct a “transfer impact assessment” to determine whether the laws of the importing country have sufficient data protections for a lawful transfer. A finding of inadequate protection will require supplementary measures, like encryption, to be put in place. We expect the European Data Protection Board to provide final guidance on the transfer impact assessments.

    Fortunately, companies have a grace period to adjust to the new SCCs, as they can rely on the old SCCs for new transfers for the next three months. Existing transfers can remain on the old SCCs for eighteen months.

    Here are some ways companies can start preparing for the new SCCs:

    • Create a new data map to understand where any personal data is coming from or being transferred to.
    • Conduct a transfer impact assessment and perform diligence on customers or vendors in connection with data transfers.
    • Identify existing transfers and categorize the type of transfer (controller to controller, processor to controller).
    • Begin the process of amending applicable contracts and/or data processing agreements to incorporate the new SCCs.
    • Update any model agreements to incorporate new SCCs.

    The eighteen-month deadline for existing transfers, December 2022, will come quickly and it is imperative that companies start preparing their data privacy practices now.


    1. Controllers are those who determine the purposes and means of processing personal data.
      [Back to reference]
    2. Processors are entities that process personal data on behalf of a controller and at the controller’s direction.
      [Back to reference]

    Practices

    Cybersecurity & Privacy

    Insights And Happenings

    • Alert

      Well that was fast: The Department of Labor commences cybersecurity audit activity

      June 23, 2021
    • Alert

      The once-and-future Privacy Shield

      Oct 7, 2020
    • Alert

      European Court of Justice invalidates EU-U.S. Privacy Shield, affirms Standard Contractual Clauses

      July 17, 2020
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved