In the summer of 2021, the European Commission published new standard contractual clauses (SCCs) to act as a transfer mechanism when transferring personal data outside the EU/EEA. These new SCCs replaced the old clauses that were published in 2010.
10.11.2022
International transfers of personal data: less than two months to replace the old standard contractual clauses – are you ready?
Related services
SCCs are standardised and pre-approved model data protection clauses that can be incorporated into agreements on a voluntary basis to comply with data protection requirements. The new SCCs take into account the Schrems II judgement by the Court of Justice of the European Union issued in the summer of 2020.
Transitional period is about to end – now is the time to take action
The adoption of the new SCCs on 27 June 2021 launched an 18-month transitional period during which companies using the old SCCs must update their agreements and replace the old SCCs with the new ones. New agreements to transfer data that were concluded after the new SCCs were adopted (i.e. new data transfers) had to be based on the new SCCs since 27 September 2021 already.
The deadline for replacing the old SCCs is now less than two months away as the transitional period ends on 27 December 2022. If your organisation has not yet taken action, now is the time.
What needs to be done?
The EU and the US are currently working on a new framework that will govern the transfer of personal data from the EU to the US. As we discuss in more detail in this blog, the new transfer mechanism is not expected to enter into force before the spring of 2023, and the SCCs adopted by the Commission will remain a key transfer mechanism in transfers of personal data outside the EU/EEA. For the time being this also applies to data transfers to the US.
To learn more about the contents of the new SCCs, read this article.
Latest insights
Article published 10.10.2024 – Data & Technology
New act on dual-use items entered into force in September – what companies need to know
Article published 5.9.2024 – Data & Technology
Technology acquisitions can boost companies’ growth – or cause them to fail
Article published 6.5.2024 – Employment
Outsourcing company functions – four key points for success
Article published 7.12.2023 – Data & Technology
Agreements define data sharing and re-use
Kim Parviainen, Lauri Laatunen & Joakim Jaulimo
Topi Lusenius, Anders Forss & Kim Parviainen
Tomi Kemppainen, Kim Parviainen & Eija Warma-Lehtinen
Latest references
Valio – Acquisition of the Härkis® and Beanit® fava bean brands
We advised Valio Oy in its acquisition of Raisio Oyj’s plant protein business, related fixed assets and the Härkis® and Beanit® fava bean brands. The fixed assets include, among other things, the production equipment of the factory that makes plant protein products in Kauhava. The transaction supports Valio’s strategy to grow from a dairy company to a food company. This business acquisition will make us an even more significant developer and producer of plant-based protein products. The demand for these products will grow in the long term, and a great deal of growth potential still remains. In 2022, we acquired the Gold&Green® business and, since then, we have been carrying out strong product development and renewed the brand. Following successful product launches, sales in the last quarter of 2024 increased by about 50% from the previous quarter. With this acquisition, we are building our own production capacity. The production equipment of the Kauhava factory is just right for our needs and situation. says Kimmo Luoma, Valio’s Senior Vice President. Valio is a Finnish dairy and food company founded in 1905 and owned by Finnish dairy cooperatives. Valio has subsidiaries in Sweden, Estonia, the United States and China. In 2023, the Group had a turnover of EUR 2 278 million and more than 4 000 employees.
Case published 14.2.2025
WithSecure – Sale of cyber security consulting business
We advised WithSecure Corporation in the sale of its cybersecurity consulting business to Neqst. WithSecure is a global cyber security company (listed on NASDAQ OMX Helsinki). Neqst is a Swedish investment firm, focusing on technology companies. The closing of the transaction remains subject to customary conditions and regulatory approvals.
Case published 24.1.2025
Smarter Contracts – Registration of the first non-EU data intermediation service in Finland
We assisted Smarter Contracts Ltd in the process where the Finnish Transport and Communications Agency Traficom confirmed it to be an EU-recognised data intermediation service. Non-EU companies must have a legal representative in some EU country so that they can offer data intermediation services in accordance with the Data Governance Act. Smarter Contracts is based in Great Britain and selected Finland for the task. Smarter Contracts is the first non-EU data intermediation service registered by Traficom. Wayne Lloyd, Founder & CEO of Smarter Contracts, remarked: The support from the Castrén team was exceptional from start to finish. Pioneering new territory is never without its challenges, and as the first non-EU data intermediation service provider, we faced significant legal uncertainties. Despite these complexities, the Castrén team expertly guided us through each step with remarkable efficiency, providing the certainty we needed. Smarter Contracts leverages its proprietary Pulse Permissions Protocol® to deliver advanced consent and access rights management services. This milestone highlights Castrén & Snellman’s proficiency in navigating intricate regulatory landscapes, whilst recognising the relevance of Smarter Contracts’ innovative approach to secure, compliant data management.
Case published 11.12.2024
Pharmaca Health Intelligence – Acquisition of PODIUM Connect and PODIUM Visits businesses
We assisted Pharmaca Health Intelligence in its acquisition of Mediaattori Ltd’s PODIUM Connect® and PODIUM Visits businesses. Through the acquisition, Pharmaca Health Intelligence strengthens its extensive service offerings in medical information, data-driven management, and education for both healthcare and pharmaceutical companies. Pharmaca Health Intelligence is a pioneer in digital medical information and a reliable partner for wellbeing services counties, the private healthcare sector and pharmacies. The company invests in the development of technology and service solutions related to pharmaceutical information, also on an international scale.
Case published 5.12.2024