Standard contractual clauses for the transfer of personal data from the European Union to controllers established in third countries (controller-to-controller transfers) | Practical Law
Note: This resource is for historical references purposes only.
Practical Law UK Standard Clause 5-422-3155 (Approx. 15 pages)
Standard contractual clauses for the transfer of personal data from the European Union to controllers established in third countries (controller-to-controller transfers)
Note: This resource is for historical references purposes only.
Under the UK data protection regime (UK GDPR and DPA 2018), from 21 September 2022, organisations can only enter into contracts on the basis of the IDTA (Standard document, ICO International Data Transfer Agreement (IDTA) (UK)) or UK Addendum to the EU SCCs (Standard clause, ICO International Data Transfer Addendum to EU Commission Standard Contractual Clauses (UK)). Contracts concluded on the basis of Directive SCCs, and entered into prior to 21 September 2022, will continue to provide appropriate safeguards for the purpose of the UK GDPR until the transitional arrangements end on 21 March 2024, after which, organisations will not be able to rely on Directive SCCs as an appropriate safeguard under Article 46, UK GDPR.
The transition period under the EU GDPR ended 27 December 2022. All existing agreements relying on the Directive SCCs under the EU GDPR should have been replaced with EU SCCs before 27 December 2022.
This Standard clause has been adapted by Practical Law Data Protection from the original text available at the EUR-Lex Website with the permission of the Publications Office of the European Union.