Typeform, as a data driven company, takes privacy and data security seriously. As part of our commitment to ensure anything we process on your behalf is secure at all times, we have created this article to explain the basics of the Standard Contractual Clauses (SCCs), and how it affects you.
What are SCCs?
SCCs are a specific arrangement that we need to put in place for transferring personal data outside the European Economic Area (i.e. the territory comprising the European Union, Iceland, Norway and Liechtenstein).
Their main purpose is to ensure that we are clear on the ground rules to process any personal data we may collect on your behalf, and set up the guidelines that we need to follow to protect data in accordance with European privacy standards.
What has changed?
We already have SCCs in place as part of the terms and conditions that apply to you upon signing-up, or as part of your enterprise agreement. However, the European Commission has approved a new updated set of SCCs that are meant to replace the old ones.
The European Commission has decided to take this approach to improve the level of protection granted for personal data, as well as to update the old SCCs to the needs that companies face nowadays: the former set of clauses was approved in 2010, as part of the 1995 Directive, and lots of things have changed since then...
What is next? Is there a deadline?
Having a new set of SCCs is good news indeed!! In addition to the security measures and policies we already had in place, we now count with an updated framework to work with. And this document offers a more suitable response to the challenges posed by transnational data processing.
As this is a new framework, we will need to take steps to adapt and transition to this new situation. But fear not, we are here to help. As part of our commitment towards privacy, our teams are already working on implementing any necessary measures required by the SCCs.
The new SCCs will not be applicable immediately. They will be fully applicable in 20 days from their publication in the EU Official Gazette (still pending), and after that we will have 1 year and 6 months to adapt and transition our relationship.
I'm not subject to the GDPR: how am I impacted?
As a global business we understand that you may be based and operating in a territory different from the European Union. Yet, it is part of our commitment to privacy to offer the same standards to all our customers, no matter what.
From a practical point of view, even if you are not subject to the SCCs, you will have an additional layer of assurances to protect any data you entrust to us. Not a bad deal, is it?