These standard contractual clauses should not be confused with “model contracts” or “standard data protection clauses” for the transfer of personal data outside the EU, in accordance with Article 46 of the GDPR. Overall, the clauses are welcomed and demonstrate good commitment on the part of the regulator. We hope that in the future, the various sectors that want clarification of the data processing conditions in their sector will be able to benefit from similar initiatives. The Danish Data Protection Authority published the model agreement as part of the extension of its guidelines on data controllers and data processors developed in November 2017. Click here to read our commentary on these policies. Some of these changes also highlight the obligations of the data controller or processor. It should be noted that the standard contractual clauses of Article 28 of the GDPR, which serve for the conclusion of the order processing contract, deviate from the standard contractual clauses of Article 46 of the GDPR, which data controllers and processors can define as appropriate safeguards for the transfer of data outside the EU. It is not enough to refer to a specific provision in the framework contract or the GDPR or to indicate the category of personal data (e.g. .B.
instead of mentioning that special categories of personal data are processed, it is recommended to indicate types of personal data such as professional violations, political opinions and religious beliefs). . . .