As we all know, Schrems II decision has forced businesses to revisit the way they approach international data transfer.
The European Court of Justice declared the EU-US Privacy Shield – an international agreement between the EU and the US with requirements to ensure an adequate level of protection of personal data exported to the US- invalid. According to the Court, US laws had several shortcomings that impede the protection of personal data and violates the GDPR. The judgment did uphold the use of Standard Contractual Clauses (SCCs), however, it cast some doubt over this method of transferring personal data outside the EU.
Now, companies must ensure that the recipient country has equivalent data protection to that of the EU. They cannot rely on SCCs alone.
Judging that protection of personal data transferred from the EU/UK into the U.S. would not satisfy EU requirements, the Court of Justice of the European Union is requiring organizations to review the affected contracts and map international data transfers, whether intra-group or via an external data supply chain, to understand where your personal data is going and what mechanisms you are relying on to transfer your personal data from the UK or EU to US, India or others countries which do not have an adequacy decision, can guarantee the high standard of GDPR protections for EU and UK data subjects.
The need to review, amend and assess data flows and the contractual arrangements is looming over businesses.
The time is ticking!
The European Commission’s modernized SCCs were adopted in June 2021 giving organizations currently using the previous version of the Commissions’s SCCs an 18-month transition period to update their contracts. Companies need to act soon to prevent any potential fines for non-compliance: SCCs have been required to be in place in any new contracts.
Furthermore, the need to supplement the existing warranties in the contracts is crucial to obtain legal and commercial comfort and to demonstrate compliance. For instance, companies can renegotiate and introduce in the existing contracts new liability caps, rights of termination, a new distribution of cost and liability allocation and the like.
In this context, innovative technologies can offer a huge help to companies in the reviewing and re-negotiation of existing contracts in order to be aligned and compliant with the direction imposed by the European Court.
- Compare quickly and efficiently SCC clauses among your documents using our provision compare feature to ensure that compliance standards, as required by GDPR;
- Extract relevant data privacy language using AI-powered contract analysis to assist those companies who both need to determine what additional provisions they need to amend onto existing agreements as well as identify those existing commitments that they are required to comply with under the Privacy Shield Framework;
- Create, edit and mark up your contract. Add variables, definitions, references and calculations in your model to apply rules, facilitate filling and automating your contracts. You can easily create new variables, define the type, change the order and correlate numeric variables via formulas;
- Authorise the new or revisited contract by the right people in the organization before it’s published and made available to the entire organisation. The approval is recorded in the deal history for due diligence and compliance purposes;
- Notify and share the contract to the counterparts in minutes thanks to an innovative contract negotiation and management platform;
- Negotiate or re-negotiate the new or the affected agreements using a collaborative peer-to-peer platform. Parties can securely exchange deal’s specifications, files and communicate with each other through simple direct messages, maintaining full control on all aspects of the deal;
- Automate the generation of the Agreement as soon as there is consensus among the parties on the deal;
- Automate the signature process and sign your contract using the Advanced Electronic signature;
- certify and notarize the contract so they remain safe and immutable;
Whether your needs are, Trakti and eBrevia can support you in an effective and compliant manner, leveraging our technology and experience and ensuring your business avoids risks and negative impacts.