New compliance requirements for cross-border transfers of EU and UK data subjects

What are the changes?

The legality of some of the common methods of cross-border transfers of European Union (EU) and United Kingdom (UK) data subjects has changed under the General Data Protection Regulation (GDPR).

As a result, for EU data to be transferred legally across borders to Australia and the US (where Lexer’s data centres are located), parties exchanging data need to have in place a specific data processing addendum which includes the “Standard Contractual Clauses” (SCCs) drafted by the European Commission.

The UK also has its own GDPR equivalent laws following Brexit, so the same issue will also impact those conducting cross-border transfers of UK data subjects, and can be remedied by the same method, plus an additional UK annexure.

Will this affect me?

If you hold personal data about residents of the European Economic Area (EEA) or the United Kingdom (UK), this change will affect you.

Since Lexer’s data centres are located in the US and Australia, clients of Lexer holding personal data from EU and UK residents will be impacted.

What does this mean for my business?

There is a compliance risk under the GDPR and UK equivalent Data Protection Act if you conduct cross-border data transfers between the EEA/UK and Australia/US without taking the recommended action (see What do I need to do next?).

What do I need to do next?

Lexer has published a new Data Processing Addendum (DPA) on our website, which incorporates the most up-to-date version of the SCCs. To ensure your own compliance, this document needs to be agreed to by 27 December 2022.

Our clients that hold the personal data of EU residents can now enter into our new DPA to ensure compliance with the GDPR.

For our clients who hold the personal data of UK residents, our DPA also includes an optional International Data Transfer Agreement (IDTA) covering the UK-equivalent privacy laws.

If:

  • you have a separate written agreement with us that uses another form of Data Processing Addendum (e.g. your version);
  • your MSA with us does not refer to our online version of the Data Processing Addendum as may be amended from time to time;
  • your alternative data processing agreement includes the SCCs as existed prior to 4 June 2021; or
  • you are unsure whether your data processing agreement terms are up to date with the current version of SCCs,

We strongly recommend that you click here to accept in writing Lexer’s new DPA, which includes the new SCCs and IDTA by 27 December 2022.

Please note that any client is free to update their DPA with us.

While this is an opt-in process, it is highly recommended because the cross-border transfers of data to Lexer without a current DPA in place is a compliance risk for our clients.

How widespread is this change? Why haven’t I heard about this from other suppliers?

This change affects all cross-border transfers of personal data to Australia and the US, and all data processing agreements which were based on the previous version of the SCCs, which are now being phased out and all such agreements need to be on the new SCCs by 27 December 2022.

If you haven’t heard from other suppliers about this change, it may be for a number of reasons. They may have data centres located in the EU/UK or a country considered by the EU to have equivalent protective status (e.g. New Zealand), or they may have made a unilateral change to their online data processing addendum without seeking your consent.

We have chosen to communicate with our clients to inform them of this change, and, once informed, to ask you to accept these new terms.

How can I get more information?

If you have questions about the SCCs, IDTA and Lexer’s Data Processing Addendum, please refer this information to your Legal, Privacy or Compliance department, and you can also email privacy@lexer.io with any questions you might have.

Here are also some additional external resources if you would like to conduct further research into the changes:

Updated:
September 23, 2022
Did this page help you?
Thank you! Your feedback has been received!
Oops! Something went wrong while submitting the form, for assistance please contact support@lexer.io
Welcome to Lexer!
Fundamentals
Getting started
Our glossary
Fundamentals
Getting started
Integrations
Fundamentals
Setup
My account
Fundamentals
Setup
Manage team
Fundamentals
Setup
Group permissions
Fundamentals
Setup
Classifications
Fundamentals
Setup
Out of the box segments
Fundamentals
Setup
Browser guide
Fundamentals
Security
Corporate networks
Fundamentals
Security
Emergency contact
Fundamentals
Security
Multi-factor authentication
Fundamentals
Security
Single sign-on
Fundamentals
Security
Trust and compliance
Fundamentals
Security
Lexer's Identity Resolution
Fundamentals
Identity Resolution
Troubleshooting tech issues
Fundamentals
Troubleshooting
Error code: 503 Service Unavailable
Fundamentals
Troubleshooting
Error code: 401 Unauthorized
Fundamentals
Troubleshooting
Error code: 403 Forbidden
Fundamentals
Troubleshooting
Troubleshooting Activate
Fundamentals
Troubleshooting
Troubleshooting Respond
Fundamentals
Troubleshooting
Help! My data is missing from the Hub
Fundamentals
Troubleshooting
Understanding APIs at Lexer
Data
Data Onboarding
Providing JSON data to Lexer
Data
Data Onboarding
Providing CSV data to Lexer
Data
Data Onboarding
Upload using SFTP
Data
Data Onboarding
Upload using S3
Data
Data Onboarding
Lexer data specification
Data
Lexer Data Specification
Customer data specification
Data
Lexer Data Specification
Commerce data specification
Data
Lexer Data Specification
Marketing data specification
Data
Lexer Data Specification
Compliance data specification
Data
Lexer Data Specification
Data Formatting and Validation
Data
Getting Started with APIs
Authentication and API token creation
Data
Getting Started with APIs
Rate Limits
Data
Getting Started with APIs
Response codes and common errors
Data
Getting Started with APIs
Product imagery
Data
Getting Started with APIs
Currency conversion
Data
Getting Started with APIs
Lexer’s APIs overview
Data
Lexer’s APIs
Dataset management in the Hub
Data
Dataset management
Chatbox user API
Data
Lexer’s APIs
Activity API
Data
Lexer’s APIs
Visualize API
Hidden from nav
Profile Read API
Data
Lexer’s APIs
Lexer Javascript Tag basics
Data
Lexer Javascript Tag
Lexer Javascript Tag technical guide
Data
Lexer Javascript Tag
Lexer Javascript Tag use cases
Data
Lexer Javascript Tag
dataLayer configuration: Shopify
Data
Lexer Javascript Tag
Customer segment CSV export
Data
Data off-boarding
Export to CSV
Data
Data off-boarding
Data in Lexer's CDXP
Understand
Customer Data
Lexer's attributes
Understand
Customer Data
Attribute value types
Understand
Customer Data
Data source - CRM
Understand
Customer Data
Data source - Transactions
Understand
Customer Data
Data source - Email
Understand
Customer Data
Partner data - Experian
Understand
Customer Data
Partner data - Mastercard
Understand
Customer Data
Partner data - Roy Morgan
Understand
Customer Data
GDPR and CCPA requests
Understand
Customer Data
Upload data files
Understand
Customer Data
File upload API
Understand
Customer Data
Data provision and schemas
Understand
Customer Data
Segment overview
Understand
Segment
Creating segments
Understand
Segment
Smart Search
Understand
Segment
Export attribute results
Understand
Segment
Contact a customer
Understand
Segment
Fixing a disabled segment
Understand
Segment
Profile tab
Understand
Segment
Compare segments
Understand
Compare
Compare attributes
Understand
Compare
Activate overview
Engage
Activate
Ongoing activations
Engage
Activate
Audience splits
Engage
Activate
A/B splits
Engage
Activate
Control group splits
Engage
Activate
Inbox filtering
Engage
Respond
Ignored Senders
Engage
Respond
Forms for service
Engage
Respond
Workflow states
Engage
Respond
Bulk changes
Engage
Respond
Scheduled replies
Engage
Respond
Message templates
Engage
Respond
Customer profiles
Engage
Respond
Grouped messages
Engage
Respond
Automation rules
Engage
Respond
Redact messages
Engage
Respond
Track overview
Measure
Track
Activity overview
Measure
Activity
Team report
Measure
Activity
Cases report
Measure
Activity
Listen overview
Measure
Listen
Searching in Listen
Measure
Listen
Tier filters
Measure
Listen
Boolean search
Measure
Listen
Saved dives
Measure
Listen
Email notifications
Measure
Listen
Twitter data
Measure
Listen
Facebook data
Measure
Listen
Instagram data
Measure
Listen
Visualize overview
Measure
Visualize
Curate feed
Measure
Visualize
Report overview
Measure
Report