July 2022- GDPR Compliance – Preparing for the December Repapering Deadline

July 14, 2022

July 2022- GDPR Compliance – Preparing for the December Repapering Deadline

When the European Commission published its final guidance on new standard contractual clauses (SCCs), it pinpointed several dates for compliance:

  • June 27, 2021 – guidance took effect
  • September 27, 2021 – final day for updating all new contracts
  • December 27, 2022 – final deadline to transfer – or “repaper” – all old contracts to the new language and clauses

The clauses are contractual addendums that apply to both current and future agreements which pertain to how businesses manage, interact with and transfer user personal information. Since June 2021, businesses across the European Union have come into compliance with the new SCCs, which in turn have brought them into compliance with the General Data Protection Regulation.

The upcoming December deadline marks the end of the 18-month grace period established to allow businesses to transition to the new clauses, after which older contracts may face penalties.

Europe’s status as a leader in data privacy means these clauses and the overall data privacy efforts are widely seen as best practices in the global race to protect data transfers.

With the December deadline fast approaching, corporate legal departments overseeing contracts for their organizations must act now to be compliant. In an article published recently by Corporate Counsel, QuisLex’s Zoltan Horvath explores the clauses that have been updated for the GDPR, including the distinctive contract structures outlined and potential workarounds for companies facing difficulty in meeting the upcoming repapering deadline.

The article also offers suggestions for what legal departments should be doing right now as this critical deadline nears:

  1. Identify all corporate contracts that need to be repapered and revised.
  2. Differentiate the relationships in each contract (i.e., processor to controller, controller to controller, etc.) to determine the applicable clauses.
  3. Engage each entity in the contractual ecosystem, including processors, subprocessors or any entity that touches the data, to ensure that they too consent to compliance under the new SCCs and GDPR.

​​​​​​​For more about the new standard contractual clauses and these tips for compliance by the upcoming December deadline, read Horvath’s full article here:

The New GDPR SCC Framework: What In-house Lawyers Must Do Today to Be Prepared | Corporate Counsel

◀ Back to Blog Listing