Enter to open, tab to navigate, enter to select
Standard contractual clauses for the transfer of personal data from the European Union to third countries (controller-to-controller transfers)
Practical Law UK Practice Note 2-367-0996 (Approx. 26 pages)
Standard contractual clauses for the transfer of personal data from the European Union to third countries (controller-to-controller transfers)
by Practical Law Data Protection
| Law stated as at 24 May 2018 • European Union |
Note: This practice note is for historical reference purposes only.
Under the UK data protection regime (UK GDPR and DPA 2018), from 21 September 2022, organisations can only enter into contracts on the basis of the IDTA (Standard document, ICO International Data Transfer Agreement (IDTA) (UK)) or UK Addendum to the EU SCCs (Standard clause, ICO International Data Transfer Addendum to EU Commission Standard Contractual Clauses (UK)). Contracts concluded on the basis of Directive SCCs, and entered into prior to 21 September 2022, will continue to provide appropriate safeguards for the purpose of the UK GDPR until the transitional arrangements end on 21 March 2024, after which, organisations will not be able to rely on Directive SCCs as an appropriate safeguard under Article 46, UK GDPR.
The transition period under the EU GDPR ended 27 December 2022. All existing agreements relying on the Directive SCCs under the EU GDPR should have been replaced with EU SCCs before 27 December 2022.
For more information see, Practice note, Overview of data transfers (UK).
This practice note is an unofficial document which has been prepared by Practical Law Data Protection without input from the European Commission, the UK Information Commissioner or any other EU or UK data protection authority.
A practice note providing guidance on standard contractual clauses adopted under the Data Protection Directive 95/46/EC by European Commission Decision 2004/915/EC on 27 December 2004 (amending 2001/497/EC) for the transfer of personal data from data controllers in the EU to data controllers in jurisdictions outside the European Economic Area (controller-to-controller transfers) (Directive SCCs). See also, Standard contractual clauses for the transfer of personal data from the European Union to controllers established in third countries (controller-to-controller transfers).
Standard contractual clauses are one of several mechanisms approved by the European Commission to ensure adequate safeguards for personal data transferred from the EU to countries which the European Commission has not found to offer adequate protection for personal data.