New appropriate safeguards have been introduced to allow permitted international transfers of personal data from the EU to third countries (ie. those outside the EU and the European Economic Area and countries without EU adequacy decision).
Starting from 27 September 2021, all new contracts must include the new EU standard contractual clauses to adequately safeguard permitted international data transfers the EU to third countries.
For example: If your client is a controller or processor in Australia receiving data from a controller in the EU, then, your client must include the new EU standard contractual clauses into their contracts as Australia is a third country and not covered by an EU adequacy decision.
What about existing contracts?
Unless exceptions apply, they must be converted to include the new EU standard contractual clauses by 27 December 2022.
New EU Standard Contractual clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en
It is time to review pending contracts and existing contracts to determine whether this update applies to you and your clients.
From the IPC Panda Call