Search
Contact
27.07.2022 | KPMG Law Insights, KPMG Law Insights

The countdown is on: Only 5 months left for Schrems II implementation deadline

The use of the new standard contractual clauses for data transfers to third countries has already been mandatory for new contracts since September 27, 2021. The corresponding implementing decision of the EU Commission ((EU) 2021/914 COM) gives those responsible until December 27, 2022 to adapt existing contractual relationships to the new models. Thereafter, all standard contractual clauses already concluded must also comply with the new requirements. As of today, those responsible have only five months left for the final implementation. However, this is not done with a mere exchange of forms.

Complex implementation

The conclusion of the new standard contractual clauses is not a mere formality, as both data transmitters and data recipients have additional obligations to fulfill. Particularly noteworthy is the obligation of the data transmitter to conduct a so-called “Transfer Impact Assessment” (abbreviated to “TIA”); i.e. an extensive risk assessment of the third country transfer in the individual case. In this context, the individual particularities of the law in the target country must be taken into account. Depending on the outcome, specific contractual, organizational or technical compensatory measures to protect personal data must be identified, agreed and implemented. As this can lead to considerable additional expenses for the data recipient, it is not self-evident that the relationship will continue under the current conditions.

Focus of the authorities

The legally compliant implementation of standard contractual clauses and the adoption of effective compensatory measures are currently the focus of regulatory activities. For example, the data protection supervisory authorities of France, Austria and Italy have now indicated that the compensatory measures provided by a search engine provider when using its analytics tool are not sufficient to ensure an adequate level of data protection. The responsible parties concerned were prohibited from using the analysis tool. The problems identified are likely to exist in a similar form at other U.S. providers. In addition, the data protection authorities of the states of Berlin, Lower Saxony, Rhineland-Palatinate, Saxony, Saxony-Anhalt and Bavaria are currently conducting a coordinated review of web hosters’ order processing contracts. The questionnaire used for this purpose also contains a section on third-country transfers and asks which version of the standard contractual clauses is used for this purpose.

Liability risks

The use of previous templates is no longer permitted after the transposition deadline and would constitute a breach of Art. 44 and 46 of the General Data Protection Regulation. In particular, this may result in the prohibition of the relevant data processing as well as fines of up to 4% of the annual turnover or 20,000,000 euros. In each case, the higher amount is decisive. In addition, there is a risk of claims for damages from those affected and, if necessary, warnings from competitors. It should not be neglected that the implementation of the new requirements – due to the transparency obligations under data protection law – can be ascertained by third parties without much effort, which increases the risk for data controllers of becoming the target of such measures.

Conclusion

Responsible parties who have not yet started updating standard contractual clauses in use should do so now at the latest. Often there is a multitude of such contracts and each one of them – in addition to the creation of a TIA – has to be individually redrafted and negotiated. The adaptation process is multi-step and should not be underestimated in terms of its complexity. Delayed implementation is easy to spot and poses a high liability risk that can be avoided by acting early.

Explore #more

04.02.2025 | Deal Notifications

KPMG Law advises ROTOP shareholders in connection with an investment by GENUI and SHS Capital

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided legal advice to the shareholders of ROTOP Pharmaka GmbH (ROTOP), a provider of development and manufacturing capacities for…

31.01.2025 | Deal Notifications

KPMG Law supports HWP with majority stake in instakorr GmbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) advised HWP Handwerkspartner Group (HWP) on the acquisition of a majority stake in instakorr GmbH (instakorr). KPMG Law carried…

29.01.2025 | KPMG Law Insights

Green hydrogen from wastewater – legal hurdles in production

Hydrogen provides significantly more energy than gasoline or diesel. If it is produced using renewable energies, hydrogen can make a significant contribution to climate protection.…

29.01.2025 | Deal Notifications

KPMG Law advises HWP on the acquisition of Hydro-Tech GmbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) advised HWP Handwerkspartner Group (HWP) on the acquisition of Hydro-Tech GmbH Hochdruck- und Reinigungstechniken Maler und Betoninstandsetzungsarbeiten (Hydro-Tech). KPMG…

29.01.2025 | KPMG Law Insights

What the Green Claims Directive means for companies – an overview

With the Green Claims Directive, the EU will introduce extensive regulations on the requirements for permissible environmental claims. The aim is to prevent greenwashing so…

27.01.2025 | In the media

Merger control and national security: key considerations for corporate transactions

Financier Worldwide discusses key merger control and national security considerations for corporate transactions with Lisa Navarro, Stuart Bedford, Gerrit Rixen (KPMG Law Germany), Helen Roxburgh…

24.01.2025 | In the media

Guest article in the ESGZ: Opportunities with discrimination risks: AI in the field of human resources

Artificial intelligence (AI) is no longer a dream of the future, but is already changing the world of work at a rapid pace. Companies are…

24.01.2025 | Deal Notifications

KPMG Law advises DKB on joint ventures with Sparkassen-Finanzgruppe in credit processing

KPMG Law advises Deutsche Kreditbank AG (DKB) on the establishment of a joint venture in the field of credit card processing with companies of the…

24.01.2025 | KPMG Law Insights

Tübingen packaging tax statute is constitutional

Tübingen’s packaging tax is constitutional. The Federal Constitutional Court has rejected a constitutional complaint against the packaging tax statutes of the University City of Tübingen.…

22.01.2025 | KPMG Law Insights

The EU packaging regulation sets strict requirements for packaging

The EU has adopted the Packaging Regulation. After the European Parliament adopted the Commission’s draft on April 24, 2024, the EU member states also approved…

Contact

Francois Heynike, LL.M. (Stellenbosch)

Partner
Head of Technology Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

Tel.: +49-69-951195770
fheynike@kpmg-law.com

Miriam Oussalah

Manager

Münzgasse 2
04107 Leipzig

Tel.: +49 341 22572-500
moussalah@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll