Compliance is a contractual obligation. Microsoft`s standard contractual clauses are available to all cloud customers under online terms of service. You`ll find information about other services in your existing contract with Microsoft. There must be a European or British law that says or implies that this type of transfer is authorized for important public interest reasons, which may be in a spirit of reciprocity for international cooperation. For example, an international agreement or agreement (signed by the UK or THE EU) that recognises certain objectives and provides for international cooperation (such as the 2005 International Convention on combating acts of nuclear terrorism). In practice, standard contractual clauses accompany, in most cases, separate data protection agreements. Therefore, to the extent that the treatment is to be done on behalf of a processing manager, the parties must agree to a contract within the meaning of section 28 of the RGPD. If an application is made by a non-EEA authority requesting a restrictive transfer under this waiver and there is an international agreement such as a Mutual Assistance Agreement (MLAT), you should consider referring the application to the MLAT or the existing agreement. The group found that the implementation of the provisions of Microsoft`s agreements was in line with its strict requirements. (Microsoft was the first cloud service provider to receive a confirmation letter and approval from the group.) The authorization included the obligations contained in the 2010/87/EU model clauses, but not in the annexes, which describe data transfers and security measures implemented by the data importer. The annexes can be analysed separately by the DATA authority. Following the european Data Protection Committee`s (EDPB) announcement this week that it is meeting its expectations for international data transfers following the Court of Justice ruling of 16 July, the European Commission has published a draft new standard contractual clauses (SDCs) and a draft enforcement decision.

The Commission`s draft clauses provide for two new modes of transmission (EU-based subcontractors to the ex-EU processor and EU subcontractors to ex-EU controllers) and contain important updates to bring the text of the clauses into line with the General Data Protection Regulation (GDPR). The draft clauses will be the subject of consultations with the EDPB and there are some points of disagreement between the Commission`s draft and the EDPB guidelines.