GDPR introduces Standard Data Protection Clauses ('SDPC') as one of several safeguards for transferring personal data to third countries or international organisations in Article 46 (1), (2) (c) GDPR. To function as such a safeguard, SDPC need to be adopted by the European Commission.
To date, there is a lack as SDPC have not been adapted to GDPR yet, so clauses currently in use still reflect directive requirements. Additionally, clauses specifically addressing the needs of processor-to-processor ('p2p') environments are missing. By drafting these SDPC, those issues were key to be reflected. Due to the current lack of SDPC according to Art. 46 (1) GDPR reflecting processor-to-processor environement, the development of a draft set of clauses was initiated by a consortium of different European and international companies.