Cross Border Transfer Mechanism: Model Clauses


A cross border transfer is one where personal data is transferred from the EU to a country that is outside of the EU (EEA*). If the country the data is transferred to does not have an adequate level of protection, a transfer mechanism must be used. Under GDPR, Model Clauses are one of the many mechanisms that can be used for cross border transfers.

Model Clauses (also known as Standard Clauses) are contractual clauses that are generally drafted and adopted by a Data Protection Authority (DPA). The Commission (one of the many EU governmental bodies) may also adopt Model Clauses, but has yet to do so. MCs set out the duties and obligations for both Controllers and Processors.

There are several noticeable differences between MCs and Binding Corporate Rules (BCRs):
  • MCs require processors to provide an adequate level of protection of the personal data.
  • MCs may be used by unrelated entities.
  • MCs do not require approval by the DPA.
  • MCs cannot be altered and tailored.

For example: a controller located inside the EU and a processor located outside the EU can conclude a contract based on the MCs. In that contract, the processor must agree to provide an adequate level of protection for the data being transferred, in compliance with GDPR standards.

A sample copy of Model Clauses is attached in this link.
