Miro Revised Data Protection Addendum for new EU Standard Contractual Clauses
Miro has updated our (DPA) to include the new EU Standard Contractual Clauses (SCCs). This guide contains answers to common questions about this change.
Why is Miro updating the Data Protection Addendum (DPA)?
We updated the DPA in accordance with our new statutory requirements and incorporate the new Standard Contractual Clauses (SCCs).
The new SCCs address issues highlighted in recent legal decisions such as Schrems II and will only apply to customer services that will require data transfers from the EEA to the US.
Does this impact me as a customer?
The updates to the DPA to incorporate the SCCs are only applicable to customers who use Miro to process EEA personal data.
What do I need to do?
For those customers subject to our online DPA, no action is required. The updated DPA will automatically become part of your agreement with us effective September 27, 2021.
If you have negotiated a separate DPA with Miro, which includes the prior version of the SCCs, those SCCs will remain in place and effective until December 27, 2022. These will be updated at renewal; however, we recognise that some customers may wish to update them prior to Dec 27, 2022, please contact us at: firstname.lastname@example.org.
Are we making other changes to our DPA?
In addition to integrating the new SCCs (as well as the UK Scc’s), we have revised parts of the DPA to make it easier to read and understand for all of our global customers. Aside from these updates, however, we made no substantive changes.
What changes do the EU’s new SCCs contain?
The new standard contractual clauses contain a large number of ‘Schrems II’ obligations in order to comply with the requirements of the European Court of Justice and the European Data Protection Board on third country transfers, including requirements to apply additional transparency and notification controls covering government access requests, and to carry out and document an assessment of the laws of the third country to confirm that the local laws in the importing country does not prevent compliance with the terms in the SCCs. The new SCCs are modular and can be tailored to the type of transfer.
I am based in the United Kingdom, will the new SSCs apply to transfers of personal data from the UK to the US?
The ICO adopted the ‘old versions’ of the SCCs, not the new EU SCCs. These will continue to apply to transfers of personal data from the UK to the US until the UK recognizes the European Commission’s new SCCs or adopts its own version. We have incorporated UK transfers within our DPA.
For more information about UK data transfers, please view the ICO website on SCCs and data transfers.