What are Standard Contractual Clauses?

What are Standard Contractual Clauses?

SCCs are standard sets of contractual terms and conditions which both the sender and the receiver of the personal data sign up to and ensure that the rights and freedoms of the individual are considered and upheld.

Standard Contractual Clauses (SCCs) are aimed at protecting personal data that is leaving the EEA and therefore to countries that do not have an adequacy decision, and therefore may not afford the same level of security to personal data. SCCs, through contractual obligation ensure data is protected to a level required under the GDPR.

When sending personal data from within the EEA to someone outside of the EEA then it is necessary to comply with the GDPR and the rules it sets out on international transfers of personal data. SCCs are one of the safeguards which can be used to comply, and it is the one most likely to be used by small and medium-sized businesses.

SCCs help unify the approach to cross border processing thus ensuring the continued compliance with the GDPR’s requirements for the international transfer of data and will help to ensure the free flow of personal data.

Using SCCs

The clauses are intended to provide appropriate safeguards for international data transfers under Article 46 of the GDPR, however it is important to note the that the SCCs must not be altered. However, it is perfectly acceptable for the controller or the processor to add them to a fuller contract and also to add any additional safeguards that is seen as necessary assuming that does not contravene either directly or indirectly the SCCs or the right of the data subject.


What is included in SCCs

SCCs set out the rights and obligations of both the data controller and the data processor, when they are processing personal data on behalf of the data controller. The clauses are designed to ensure that each is compliant with GDPR, they include obligations on behalf of both parties involved and set out rights for the individuals whose personal data is being transferred.


In conclusion

  • SCCs are designed to harmonise data protection between those countries within the EEA and those without adequacy this in turn ensures that personal data is protected to a level that is acceptable under GDPR.
  • SCCs are easy to use and could remove the need for the negotiation of individual contracts.
  • The clauses used in SCCs with regards to the transfer and processing of personal data are deemed to be in compliance with the GDPR.
  • SCCs can be added to existing contracts.