Our Privacy, Cyber & Data Strategy Team answers five questions about the standard contractual clauses that aim to ensure compliance with Articles 28(3) and (4) of the General Data Protection Regulation:
- Are controllers and processors obliged to use the Article 28 clauses for their data processing agreements?
- Do the Article 28 clauses ensure compliance with all Article 28 (3) and (4) requirements?
- Can controllers and processors modify the Article 28 clauses?
- Do the Article 28 clauses require additional language from controllers and processors?
- Can third parties become a party to the Article 28 clauses?
Click here to access the full advisory.
Alston & Bird will continue to analyze the Article 28 clauses. We will publish additional work on this and related topics.