Search
NEWEST
FEATURED STORIES

SHARE

greenberg-traurig
August 02, 2022

Data transfers from a controller in the EEA, to another controller in the EEA, to a processor outside of the EEA

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all Law.com OnPractice content.
Register Now

The following is part of Greenberg Traurig's ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Controller A (EEA) → Controller B (EEA) → Processor Z (Non-EEA)

Visual Description and Implications
  • Background. Company A in the EEA transfers personal data to Company B in the EEA. Company B then transfers the personal data to its processor, Company Z, in Country Q.
  • Transfer 1. No mechanism needed. The GDPR does not require a safeguard mechanism for data that is transferred from a company in the EEA to another company in the EEA.
  • Transfer 2. SCC Module 2. The transfer from Company B to Company Z should utilize the SCC Module 2 designed for transfers from controllers in the EEA to processors that are located outside of the EEA.
  • Transfer Impact Assessments. Clause 14 of the SCCs would require that Company B and Company Z document a transfer impact assessment of the laws of Country Q to determine if they prevent Company Z from fulfilling its obligations under the SCCs.
  • Law enforcement request policy. Clause 15 of the SCCs requires Company Z to take specific steps in the event that it receives a request from a public authority for access to personal data. As a result, Company Z might consider creating a law enforcement request policy for handling requests from public authorities.

 

Tags

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

Dutch Presented Tax Measures for 2023

By Thomas van der Vliet Greenberg Traurig September 21 , 2022

On Budget Day, 20 September 2022 (Prinsjesdag), the Dutch Ministry of Finance presented its 2023 tax plan (the Proposal). For the proposed bills discussed in this GT Alert to have effect, Parliament first must approve them.

Commerce Issues Final Rule on AD/CVD Grace Period

By Laura Siegel Rabinowitz Greenberg Traurig September 20 , 2022

The Department of Commerce (DOC) has issued the final rule implementing the two-year moratorium on anti-dumping or countervailing duties (AD/CVD) for solar panels and cells from Cambodia, Malaysia, Thailand, and Vietnam in accordance with the June 6, 2022, Presidential Proclamation (Declaration of Emergency and Authorization for Temporary Extensions of Time and Duty-Free Importation of Solar Cells and Modules from Southeast Asia; See GT Alert, Biden Uses Emergency Powers to Pause New Solar Import Tariffs—Frequently Asked Questions), which provided for the two year moratorium on those tariffs.

The Tide May Be Turning on Flood of ERISA Excessive Fee Class Actions

By Jeffrey D. Mamorsky Greenberg Traurig September 20 , 2022

The contours of plaintiff pleading requirements for ERISA fiduciary breach claims sketched by the Supreme Court in Hughes v. Northwestern University1 continue to evolve.

View More ›
More From Cybersecurity

Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)

By David A. Zetoony Greenberg Traurig September 12 , 2022

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)

By David A. Zetoony Greenberg Traurig September 09 , 2022

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Understanding the differences in the state privacy laws: What factors must be considered by an organization when conducting a DPIA?

By David A. Zetoony Greenberg Traurig September 08 , 2022

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities.

View More ›
Featured Stories

Navigating Intellectual Property Rights of NFTs and the Metaverse

By Shawn B. Cage September 12 , 2022

As adoption around blockchain, non fungible tokens (NFTs) and the metaverse grows, there’s an increasing focus on the legal challenges these emerging technologies present.

Read Now ›

IRS Provides Tax Penalty Relief for Certain Late Filed Returns

By Andrew R. Roberson August 26 , 2022

In Notice 2022-36, the Internal Revenue Service (IRS) announced relief for taxpayers who failed to file certain tax and information returns with respect to tax years 2019 and 2020.

Read Now ›

CDC Updates Its COVID-19 Guidelines: What Does It Mean for Your Business?

By Lindsay Ditlow August 25 , 2022

On August 11, 2022, the Centers for Disease Control and Prevention (CDC) unveiled its updated COVID-19 guidelines, revising both quarantine and isolation guidelines in the process.

Read Now ›

The IRS Grants Penalty Relief for 2019 and 2020, But…

By Barbara T. Kaplan August 24 , 2022

On Aug. 24, 2022, the IRS issued Notice 2022-36, which provides penalty relief to taxpayers for certain late-filed 2019 and 2020 tax returns and information returns, but this relief is only afforded to those who file the eligible returns on or before Sept. 30, 2022, and the relief does not apply to all types of returns.

Read Now ›

Your Horse May Be Subject to IRS Seizure

By Barbara T. Kaplan August 24 , 2022

The Internal Revenue Service (IRS) has broad powers to seize assets in payment of outstanding taxes including income tax, excise tax, employment tax, and estate and gift tax.

Read Now ›

Department of Labor: Releasing Employers' 2016-2020 EEO-1 Report Data Unless Each Employer Objects

By Eric J. Felsberg August 23 , 2022

The U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) received a Freedom of Information Act (FOIA) request for detailed EEO-1 Report employee demographic information that thousands of U.S. employers submitted from 2016 through 2020.

Read Now ›
Browse All Featured ›

The most trusted information source in the industry bringing In-House Counsels expertise from today's leading law firms.

Copyright @2022 ALM Global. All Rights Reserved.

We Use Cookies

This website (and some of its third-party tools) uses cookies. These allow us to deliver you an exceptional experience.

Read our cookie policy.

checkAccept
Subscribe to Start Using This Feature

Unlock even more great content and insights by subscribing now. It's Free!

Sign Up

Already have an account? Sign In.

Closeclose
Search
Menu
user iconMy Account
Sign Out
Back to Main Site Publisher Center
user iconMy Account
Sign Out
Become a Publisher

Homepage

Newest Stories

Featured Stories

Press Releases

About Us

FAQ

My Feed

My Feed

Topics

Browse All Topics ›

Regions

Browse All Regions ›

Law Firms

Browse All Law Firms ›

Offering content and insights designed for general counsels, published by leading law firms.

Copyright © 2021 ALM Media Properties. All Rights Reserved.

Working...