Alston & Bird Privacy, Cyber & Data Strategy Blog

Alston & Bird Publishes FAQs – Standard Contractual Clauses for Controllers and Processors in the EU/EEA

By

Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation:

  • Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements?
  • Do the Article 28 clauses ensure compliance with all Article 28 (3) and (4) requirements?
  • Can controllers and processors modify the Article 28 clauses?
  • Do the Article 28 clauses require additional language from controllers and processors?
  • Can third parties become a party to the Article 28 clauses?

Click here to access the full advisory.

Alston & Bird will continue to analyze the Article 28 clauses. We will publish additional work on this and related topics.

About Yung Shin Van Der Sype

Yung Shin is an associate with Alston & Bird’s Technology & Privacy Group and Privacy, Cyber & Data Strategy Team. She focuses her practice on IT law and HR-related matters, including privacy and data protection, IT contracts, and corporate security.