Standard contractual clauses for the transfer of personal data from the European Union to processors established in third countries (controller-to-processor transfers) | Practical Law

Standard contractual clauses for the transfer of personal data from the European Union to processors established in third countries (controller-to-processor transfers) | Practical Law

Note: This practice note is for historical reference purposes only.

Standard contractual clauses for the transfer of personal data from the European Union to processors established in third countries (controller-to-processor transfers)

by Practical Law Data Protection
Law stated as at 15 Jun 2017European Union
Note: This practice note is for historical reference purposes only.
Under the UK data protection regime (UK GDPR and DPA 2018), from 21 September 2022, organisations can only enter into contracts on the basis of the IDTA (Standard document, ICO International Data Transfer Agreement (IDTA) (UK)) or UK Addendum to the EU SCCs (Standard clause, ICO International Data Transfer Addendum to EU Commission Standard Contractual Clauses (UK)). Contracts concluded on the basis of Directive SCCs, and entered into prior to 21 September 2022, will continue to provide appropriate safeguards for the purpose of the UK GDPR until the transitional arrangements end on 21 March 2024, after which, organisations will not be able to rely on Directive SCCs as an appropriate safeguard under Article 46, UK GDPR.
For more information see, Practice note, Overview of data transfers (UK).
This practice note is an unofficial document which has been prepared by Practical Law Data Protection without input from the European Commission, the UK Information Commissioner or any other EU or UK data protection authority.
A practice note providing guidance on the standard contractual clauses adopted under the Data Protection Directive (95/46/EC) by the European Commission for the transfer of personal data from data controllers in the EU to data processors in jurisdictions outside the European Economic Area (EEA) (Decision 2010/87/EU) (Directive SCCs). See also corresponding Standard contractual clauses for the transfer of personal data from the European Union to processors established in third countries (controller-to-processor transfers).
Standard contractual clauses are one of several mechanisms approved by the European Commission to ensure adequate safeguards for personal data transferred from the EU to countries which the European Commission has not found to offer adequate protection for personal data.