On August 27, 2021, the Federal Data Protection and Information Commissioner (“Swiss DPA”) announced that the new EU Standard Contractual Clauses (the “SCCs”) may be relied on to legitimize transfers of personal data from Switzerland to countries without an adequate level of data protection, provided that the necessary amendments and adaptations are made for use under Swiss data protection law.
The Swiss DPA also published a guidance document to help companies make the necessary amendments and adaptations to the SCCs. The guidance, for example, assists companies in determining whether the EU General Data Protection Regulation (“GDPR”) and/or Swiss data protection law should govern the data transfers.
The new SCCs must be used in Switzerland for any new contract as of September 27, 2021, and implemented in existing contracts that incorporate the old SCCs by January 1, 2023 (for companies subject to the GDPR, the date of implementation is December 27, 2022).
When using the SCCs in Switzerland, companies are not required to notify the Swiss DPA for validation, which is required for other transfer agreements.