skip to content

The New EU Standard Contractual Clauses (SCC) Are Now Part of Everlaw Data Processing Addendum

by Sabrina Benassaya

SCC-Web-Card-v5

Reading Time — 1 minute

We are excited to announce that we’ve updated our legal terms and notices along with our new Customer Data Processing Addendum (DPA) to include the new EU Standard Contractual Clauses (SCC) recently adopted by the European Commission

This update reinforces our commitment to protecting customer data in a modernized digital world where data transfers materialize in a single click. Everlaw is working to continuously provide more trust and transparency to customers about the transfer of their data, and give them the support they need while complying with the laws and regulations applicable to us. 

A year after the Schrems II ruling and ten years after the introduction of the EU SCC as a valid mechanism for trans-Atlantic data flows, the European Commission adopted a new set of EU SCC that combine separate rules for all potential transfer scenarios in one agreement. This evolution comes at a time where unsecure data transfers undermine the ability of individuals and data protection authorities to enforce protected rights, such as privacy rights. European businesses need the right tools to allow safe data flows locally and internationally and to establish the obligations of both data importers and data exporters more effectively.

The 2021 EU SCC framework has been developed to help address the challenges of modern business. It provides enhanced safeguards for data transfers and accommodates different scenarios of transfers that were not included in the old version of the SCC. Moving forward, data controllers located outside the European Economic Area (EEA) will be able to contract directly with the EU-based processors’ subcontractors for enhanced control on software chain supply risks. 

The new EU SCC remains an accountability-based mechanism, where data exporters are responsible for ensuring data is secure even after the transfer, and data importers must provide the appropriate legal, technical, and organizational support to fill in the gaps of the third-party country that is not deemed to provide adequate protection for personal data by the Commission.

Implementing the new SCC into our DPA gives our customers the ability to continue to comply with the General Data Protection Regulations when they transfer data outside the EEA. As part of our commitment to protect customer data, Everlaw is working to continuously provide more trust and transparency to customers about the transfer of their data, and give them the support they need. 

To find out more, request a demo today! We look forward to continuing to raise the bar for what legal professionals should expect from their discovery technology.

Sabrina Benassaya is a privacy manager and legal professional with a decade of experience in information technology and privacy laws. Before joining Everlaw, Sabrina was privacy counsel at IT Law Group, Chanel, and EY.