Revised Data Protection Addendum for new EU Standard Contractual Clauses 2022

Updates to the Sovrn Data Processing Addendum for the EEA or UK

Skip to Section: 

What updates have occurred?

Why have these changed?

What else has changed?

What does this mean for me?

I still have questions. 

What updates have occurred?

Sovrn has updated its Data Processing Addendum (DPA) for data transfers originating in the European Economic Area (EEA) or United Kingdom (UK) to include

  1. the new EU Standard Contractual Clauses (SCCs) published by the European Commission on June 4, 2021; and
  2. the UK ‘approved addendum’ published by the Information Commissioner's Office (ICO) on March 21, 2022.

Why have these changed?

These new SCCs are designed to better align with the regulatory requirements of the General Data Protection Regulation (GDPR), and to address issues highlighted in recent legal decisions such as Schrems II

What else has changed?

We also took this opportunity to revise portions of our DPA to make it easier to read and understand for all customers. If you are a customer who does not engage in data transfers from the EEA to the US, the changes are non-substantive.

These “new” modernized SCCs replace the 2001, 2004 and 2010 SCCs currently in use.

What does this mean for me?

When using Sovrn services, you are considered a ‘controller’ of personal data transferred from you to Sovrn.  As a controller, you have obligations under the GDPR and the standard contractual clauses, so it is important for you to review the updated DPA, along with your data practices, to make sure you are compliant with all updated requirements.

Sovrn is committed to our partnership, and has a dedicated Privacy and Compliance function that oversees our handling of personal information once it is transferred to us.  You may find more information about our practices in our Privacy Policy.

I still have questions

Please contact privacy@sovrn.com for more information.