The EU contractual clauses commonly referred as standard contractual clauses (“SCCs”) has been developed by the EU Commission and assistance of the Article 29 Working Party to make possible the data exporting safeguarding a sufficient level of data protection at the recipient.
Useful? Embed this infographic on your website.
This comes, in part, as a result of the market demand -business looking to increase their processing capabilities (storage, networkings)- EU Commision has provided different solutions for the transfer of Personal Data abroad, one of them is SCCs which aim to provide adequate contractual terms to safeguard the protection of the personal data when an international transfer takes place.
In that sense, personal data relating to EU citizens can be move to non-EU countries with not adequate level of protection (“not adequate third countries”), or to US companies which are not Privacy Shield certify and yes, it is not illegal; as far as the transfer abides the Recipient in the third country with EU data protection rules; otherwise is unlawful.
Two set of contractual standard clauses has been given to use as a Data Controller and, one set, to use with a Data Processor. The SCCs can be inserted in the main contract, and if you are considering to use them, I advise to review the guide to the preparation of contractual clauses, provided by the Council of Europe, Consultive Committee of the Convention 108 (2002).
Do you still have questions about when and how to use SCC’s? Do not hesitate to reach out.
Latest posts by Jessica Lam (see all)
- How to protect your personal data? - March 4, 2019
- Enforcement of judgement: Update CJEU Case C 210/16 - September 7, 2018
- Data Protection and Marketing - August 7, 2018