The modernization of ”standard contractual clauses” used for transferring personal data to non-European Union (EU) countries is one of the improvements identified by the European Commission in its evaluation of the General Data Protection Regulation (GDPR), which took effect in 2018. Standard contractual clauses are the most widely used tool by companies and other organizations to lawfully transfer personal data from EU member states to non-EU countries.
The GDPR established a single set of rules on the processing and free movement of personal data, replacing a 1995 EU directive on data protection. The GDPR established the rules for lawfully transferring personal data from EU member states to countries outside the EU, and those rules have been influential in the development of other countries’ data protection standards. The GDPR also included a new governance system aimed at establishing a level playing field for all companies operating in the EU, regardless of the member state in which they are established.