Context: On June 4, 2021, the European Commission published new standard contractual clauses (“New SCCs"). Under the General Data Protection Regulation (“GDPR"), transfers of personal data to countries outside of the European Economic Area (EEA) must meet certain conditions. The New SCCs are an approved mechanism to enable companies transferring personal data outside of the EEA to meet those conditions, and they replace the previous set of standard contractual clauses (“Old SCCs"), which were deemed inadequate by the Court of Justice of the European Union (“CJEU"). The New SCCs made a number of improvements to the previous version, including but not limited to (i) a modular design which allows parties to choose the module applicable to the personal data being transferred, (ii) use by non-EEA data exporters, and (iii) strengthened data subjects rights and protections.
Rapid7 Action: In light of the European Commission's adoption of the New SCCs, Rapid7 performed a thorough assessment of its personal data transfers which involved reviewing the technical, contractual, and organizational measures we have in place, evaluating local laws where the personal data will be transferred, and analyzing the necessity for the transfers in accordance with the type and scope of the personal data being transferred. Rapid7 will be updating our Data Processing Addendum on September 27, 2021, to incorporate the New SCCs, where required, for the transfer of personal data outside of the EEA. Rapid7's adoption of the New SCCs helps ensure we are able to continue to serve all our clients in compliance with GDPR data transfer rules.
For more information about our security and privacy program, please email email@example.com.