The Association of Southeast Asian Nations (ASEAN) and the European Union (EU) have rolled out their completed joint guide on the ASEAN model contractual clauses (MCCs) and EU standard contractual clauses (SCCs).[1]
This is the second half of a two-part guide, with this latter segment focusing on implementation aspects of the MCCs and SCCs. Our earlier post on the first half of the guide can be found here.[2]
More specifically, the document lists specific examples of how individual safeguards required under the MCCs and SCCs can be operationalised.
Some key takeaways from this joint implementation guide include:
- Maintaining a register to document details of data transfers
- Using data inventory maps to track purposes and frequency of processing and access to data
- Putting in place standard procedures and adopting mechanisms and processes (including automated ones, where appropriate) to respond to requests for access and correction, or otherwise enabling control by individuals of their data
- Tracking data retention periods and adhering to deletion procedures
- Updating security measures periodically, including encryption, privacy-enhancing technologies, access controls and user authentication methods
- Applying selection criteria for sub-processors
- Adopting breach response plans, and adhering to protocols in the event of any incidents
Comments
As a first-of-its-kind in the world, this joint implementation guide between two vast and diverse economic and regional blocs is a significant step towards alignment of standards and interoperability of frameworks in data protection and privacy.
With that said, global businesses continue to grapple with an increasingly fragmented and complex patchwork of rules worldwide for transferring data across borders..
FOOTNOTES