Google SCCs and DPAs update: did you tick all the boxes?

October 21, 2021

Jane Murphy

Did you also receive a notification by Google to review and accept their new DPA and SCCs?

The deadline to complete the steps and get up to date is 27 October.

The clock is ticking for companies who haven’t yet taken care of this. ⏰

Why is Google requesting this from their customers? They want to comply with the recent updates made by the European Commission to safely transfer personal data outside of the EU. The EU Commission published the latest version of their Standard Contractual Clauses on 4 June 2021.

What are the Standard Contractual Clauses?

These Standard Contractual Clauses (or SCCs) ensure that appropriate safeguards are put in place between companies to safely transfer personal data from the EU to third countries, if the third country doesn’t benefit from an Adequacy Decision.

The new SCCs are composed of four modules which will apply between EU and non-EU companies depending on whether they’re controllers and/or processors of personal data:

  • Controller to Controller: Module 1
  • Controller to Processor: Module 2
  • Processor to Controller: Module 3
  • Processor to Processor: Module 4

These new SCCs will replace the three sets of SCC’s that were adopted under the previous Data Protection Directive 95/46.

What’s the deadline to comply?

The EU Commission gave companies some time to comply with the new clauses and implement them in their business relationships.

  • Companies need to start using the SCCs’s in their new contracts since September 27
  • Companies will need to update their already-existing contracts before December 27, 2022

What do I have to do regarding Google’s notification?

Companies like Google have been updating their SCCs and Data Processing Agreement to comply with the new version. If you use their services, you may have received a notification asking you to review and agree with the new clauses. The deadline is October 27 to accept the Google SCCs and Google DPA. The update has to be done on all platforms (Google Ads, Google WorkSpace, etc.)

If you’re based outside the EU, they also ask that you provide the contact details of your EU GDPR Representative, along with your DPO’s.

If you’re based outside the EU, process personal data of individuals located in the EU and don’t have a Representative yet, contact EDPO! We act as Data Protection Representatives for companies outside the EU/UK. Appointing us is easy and quick. Contact us now to make sure that you can continue to use Google’s services.

All images are printscreens of the Google WorkSpace platform. 

#GDPR #GoogleGDPRDPA #GoogleGDPR #GoogleSCC #GoogleDPA #GoogleAdsDPA #SCCgoogle

Follow us on Linkedin for daily breaking GDPR news!

Get our weekly newsletter in your inbox every Monday with fresh GDPR and Data Protection news!