Therefore, when personal data is transferred outside the EU, a database is still needed to transmit it. These could be, for example, the Commission`s standard contractual clauses. This could also be relevant for transfers to Britain after Brexit. With regard to data processing agreements already concluded, the Danish Data Protection Authority states in its press release that the Authority has largely decided to adopt agreements based on the initial submission of the Danish Data Protection Authority and concluded before the date of notification of the new standard contractual clauses. before December 10, 2019. Although the impact of SSCs on market practices is not yet known, they may have the potential to become a new “standard” of AIM. Given that these are the first CSSSs adopted under the RGPD, it is likely that they will become a benchmark for regulators` expectations for data processing agreements. In addition, thanks to the EDPB agreement, danish SSCs may be used as a basis if regulators in other countries decide to develop their own SSCs or if the European Commission adopts SSCs with an EU-wide scope.  These standard contractual clauses should not be confused with “standard contracts” or “standard data protection clauses” for the transfer of personal data outside the EU, in accordance with Article 46 of the RGPD. On 11 December 2019, the European Data Protection Committee (ECDP) published the final text of the standard clauses adopted by the Danish supervisory authority (Datatilsynet), referred to as “Danish SA”, in accordance with Article 28, paragraph 8, of the General Data Protection Regulation (RGPD). Danish clauses are now available on the list of decisions taken by the supervisory authorities. The Danish clauses serve as a standard agreement on the processing of data that can be concluded for processing managers and subcontractors in order to meet the requirements of Article 28, paragraphs 3 and 4, of the RGPD. However, note that these CHCs are not standard data protection clauses within the meaning of Article 46, paragraph 2, paragraph c) or DS, and therefore cannot serve as a valid legal mechanism for the transfer of personal data outside the European Economic Area (“EEA”).
Under Article 28, paragraph 6, of the RGPD, the application of standard contractual clauses adopted by the national supervisory authority does not prevent parties from using other additional clauses or measures, provided they do not directly or indirectly oppose the accepted contractual clauses or jeopardize the fundamental rights and freedoms of the persons concerned.