If you haven’t already got December 27th on your calendar, it’s the deadline for updating your documentation for transfers of personal data from the European Economic Area (EEA) to other countries – including the United States. From December 27th, cross-border transfers can only happen where the Standard Contractual Clauses (SCCs) adopted by the European Commission on June 4, 2021 are in place. Failure to implement the updated SCCs by December 27th and continuing to transfer personal data outside the EEA may result in a breach of the GDPR.
Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.