The EU contractual clauses commonly referred to as standard contractual clauses (“SCCs”) has been developed to make possible the data exporting, transfer of Personal Data abroad, safeguarding a sufficient level of data protection at the recipient.
Useful? Embed this infographic on your website.
This comes, in part, as a result of the market demand -business looking to increase their processing capabilities (storage, networking)- EU Commission has provided different solutions, one of them is SCCs which aim to provide adequate contractual terms to safeguard the protection of the personal data when an international transfer takes place.
In that sense, personal data relating to EU citizens can be move to non-EU countries with a not adequate level of protection (“not adequate third countries”), or to US companies which are not Privacy Shield certify and yes, it is not illegal; as far as the transfer abides the Recipient in the third country with EU data protection rules; otherwise is unlawful.
Two sets of contractual standard clauses have been given to use as a Data Controller and, one set, to use with a Data Processor. The SCCs can be inserted in the main contract, and if you are considering to use them, I advise to review the guide to the preparation of contractual clauses, provided by the Council of Europe, Consultive Committee of the Convention 108 (2002).
Latest posts by Jessica Lam (see all)
- How to protect your personal data? - March 4, 2019
- Enforcement of judgement: Update CJEU Case C 210/16 - September 7, 2018
- Data Protection and Marketing - August 7, 2018