These clauses are governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations governing the processing of personal data by the data importer in accordance with clause II(h), which only apply if the data importer chooses to do so in accordance with this clause. (a) In the event that the data importer fails to fulfil its obligations under these clauses, the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is remedied or the contract is terminated. (c) it has no reason to believe that at the time of the conclusion of these clauses, there are local laws that would significantly impair the guarantees provided for in these clauses, and it will inform the data exporter (who will transmit this notice to the authority if necessary) if it becomes aware of these laws. While the new UK CBAs will undoubtedly be an important mechanism for the transfer of personal data from the UK, the UK government has recognised the importance for the UK to make adequacy decisions to third countries such as Australia, Colombia, Dubai, Singapore, South Korea and the US. Providing the adequacy and supporting the continued free flow of personal data internationally will be a key step in the government`s plan to “develop a world-leading data policy that will bring a Brexit dividend to individuals and businesses across the UK”. However, as the UK undoubtedly wants to maintain its own adequacy decision with the EU, it remains to be seen to what extent the UK will deviate from existing EU data protection standards when developing its own standards, particularly with regard to its third-country adequacy assessments such as the US. There is no doubt that any changes to the UK`s data protection regime will require a careful balance between the UK`s own interests and those of the EU. The new EU CBAs entered into force on 27 June 2021 and can be used in data exchange agreements from that date. The former EU COLLECTIVE AGREEMENTS will be repealed with effect from 27 September 2021. All contracts concluded after 27 September 2021 must use the new EU CLAs. There is an 18-month transitional period for companies and organisations to make the necessary changes to their contractual arrangements so that contracts using former EU CLAs and concluded before 27 September 2021 remain valid until 27 December 2022.
(iii) the data importer materially or persistently breaches any warranty or obligation it has given under those clauses; The details of the transfer (as well as the personal data collected) are set out in Appendix B, which is an integral part of the clauses. (c) Either party may terminate these clauses if (i) a positive adequacy decision by the Commission in accordance with Article 25(6) of Directive 95/46/EC (or a substitute text) is adopted in respect of the country (or sector thereof) to which the data are transferred and processed by the data importer, or (ii) Directive 95/46/EC (or a successor text) becomes directly applicable in that country. Modular approach. The new CLAs have a modular structure and cover four different transfer scenarios (or modules) that the parties can choose depending on the data transfer and the relationship between the parties. In addition to the controller-to-controller and controller-to-processor transfers covered by the older CTCs, the new CCTs offer processor-to-subprocessor transfers and processor-to-controller transfers. The addition of clauses on processors to sub-processors is particularly welcome as it addresses the long-standing issue of the transfer of personal data by processors to external service providers outside the EU. (a) Each party is liable to the other parties for any damage caused by a breach of these clauses. Liability between the parties is limited to actual damages suffered. Punitive damages (i.e., damages to punish a party for their scandalous conduct) are expressly excluded. Each party is liable to the data subjects for damages caused by a violation of the rights of third parties under these clauses. This does not affect the responsibility of the data exporter under its data protection law. then, without prejudice to any other rights it has vis-à-vis the data importer, the data exporter is entitled to terminate these clauses; in that case, the Authority shall be informed if necessary.
In the cases covered by (i), (ii) or (iv) above, the data importer may also terminate these clauses. As of today, organisations operating in the EU must ensure that they are active in the new CTCs for all new contractual arrangements. For existing agreements that continue beyond 27 December 2022, i.e. when the old EU CTCs are no longer valid, companies can choose to switch immediately to the new CCS, otherwise they must ensure that they have a plan in place that allows them to switch to the new CCS before the old EU CCS are repealed. .