The re-papering exercise needed following the release of new EU standard contractual clauses (SCCs) in 2021 and new UK clauses for international data transfers in early 2022 represents a major challenge for many businesses.
Identifying relevant contracts alone can be time consuming and costly, drawing on significant resource if undertaken manually. PennSIFT, powered by leading AI platform Luminance, speeds up the process enabling organisations to quickly and accurately identify where changes need to be made.
PennSIFT, our transfer action reporting service, has been developed to help organisations with this repapering exercise. Compliance will require identifying and revising relevant contracts including customer, supplier, partner and intra-group agreements. Using PennSIFT organisations can rapidly review large volumes of contracts and identify those which need to be looked at in more detail for compliance purposes, achieving significant time savings.
PennSIFT will help to identify:
- transfers from the EEA currently using the old SCCs so that these can be updated with the new EU SCCs and data transfer impact assessments (DTIAs) carried out, now that the 27 December 2022 deadline has passed;
- transfers from the UK currently using the old SCCs, so that these can be updated with the new EU SCCs plus the UK addendum, or the new standalone UK International Data Transfer Agreement, ahead of the 21 March 2024 deadline (for agreements entered into before 21 September 2022 – new agreements entered into on, or after, 21 September 2022 must use the new EU SCCs plus the UK addendum, or the new standalone UK International Data Transfer Agreement), and DTIAs carried out;
- transfers currently relying on the EU-US Privacy Shield, so that these can be updated to rely on the new EU-US Data Privacy Framework or otherwise replaced with an alternative method, such as the new SCCs; and
- transfers currently relying on Binding Corporate Rules (BCRs), so DTIAs can be carried out and if necessary updated following Brexit.
PennSIFT enables organisations to gain an insight into their documents quickly by uncovering anomalies and highlighting risk that might otherwise be missed, as well as signposting where action needs to be taken to ensure compliance.
Our PennSIFT reports have been developed using market leading artificial intelligence platform Luminance. We have trained the clauses that Luminance identifies for the purposes of PennSIFT to recognise compliance concerns swiftly and accurately. The report will signpost documents which include:
- old standard contractual clauses for transfers from the EEA to third countries that have an agreement end date that is later than 27 December 2022;
- old standard contractual clauses for transfers from the UK to third countries;
- the EU-US Privacy Shield framework for transfers between the EU/UK and US; and
- another transfer mechanism, such as an article 49 derogation or an adequacy decision.
We offer a range of options – all delivered for a fixed price
- Provision of the PennSIFT report organising the documents to show clearly those which contain the above triggers and those which do not.
PennSIFT report plus
- Provision of a PennSIFT report:
- up to 5-10 hours of consultation time, subject to banding, with our PennSIFT team to answer questions on specific issues identified in the PennSIFT report.
PennSIFT report and analysis – what’s included
- Provision of a PennSIFT report.
- Review of documents flagged in the PennSIFT report by our PennSIFT team.
- Delivery of a red/amber/green (RAG) analysis report on flagged documents, outlining key issues and recommending essential remediation.
- Fixed fee for analysis to be determined on delivery of the PennSIFT report.
We can assist clients with the remediation work needed to address issues identified in the report including:
- Re-papering: We can devise and implement re-papering strategies, provide template contracts, negotiate contract amendments on our clients’ behalf and provide end-to-end management of re-papering projects.
- DTIAs: We have considerable experience advising on DTIAs for the US, India and other key jurisdictions. Our lawyers provide an integrated international service.
Our team is happy to discuss pricing with you.
We have a team of over 20 specialist lawyers advising on all aspects of data protection law to a broad portfolio of global clients. Our considerable experience and expertise enables us to provide pragmatic, solutions oriented advice.
To find out more from our team and to download our detailed brochure, click here.
Find out how your organisation is impacted and what actions you need to take using our easy to follow toolkit - Find out more here.