Schrems II – SCCs | FIS
Introduction
This set of FAQs highlights the key topics addressed in the Schrems II judgment (the “Schrems II Judgment”) from the Court of Justice of the European Union (“CJEU”) to help our clients, partners and vendors understand our approach to the Schrems II Judgment.
This content presents a general overview of the Schrems II judgment and does not provide legal advice. It is imperative you seek independent legal advice to discuss the requirements applicable to your specific circumstances.
What is the Schrems II Judgment?
+
What is the significance of the Schrems II Judgement?
+
What is a direct consequence of Schrems II judgement?
+
Transition Period given: There is a grace period for using the existing/older form of EEA SCCs. Parties can continue signing the existing SCCs until 27 September 2021, thereafter, no new contracts can be signed using the existing SCCs.
Remediation Period given for existing contracts: Parties are given until 27 December 2022 (or when the underlying processing operations of the relevant EU personal data changes, if earlier) to replace existing EEA SCCs with the new EEA SCCs.
FIS notes that the UK are currently relying on the existing SCCs but will update the UK SCCs in due course (currently under consultation).
Can FIS continue to transfer EU personal data to Third Countries outside the EEA including US?
+
In addition, FIS follows the EDPB guidelines on international transfers and takes appropriate actions to mitigate any privacy risks arising as a result of the Schrems II Judgment.
What steps FIS will take to support its clients?
+
FIS will be updating its client contracts to incorporate the new SCCS, where applicable, in accordance with the required deadlines. If you are an existing client and the new SCCs apply to you, FIS will be in touch shortly with the required amendment. In addition, as part of our robust commitment to data privacy globally, FIS has imposed key GDPR terms as from 2018 where GDPR is applicable.
What steps FIS will take with its partners and vendors located outside of the EEA?
+
In addition, as part of our robust commitment to data privacy globally, FIS has imposed key GDPR terms to the majority of our non-EEA vendors and where applicable.
What is FIS’ approach to the GDPR and Schrems II?
+
FIS understands and agrees with the principles of the GDPR and all relevant data privacy laws that people have the right to understand how their personal data is handled and they should have control over their data. FIS will continue monitoring regulatory guidance and take necessary actions as a result of the Schrems II Judgement and the new EEA SCCs (and the UK SCCs when they are formally issued).