What is Standard Contractual Clauses (SCCs)?
Standard Contractual Clauses are pre-approved contractual terms adopted by the European Commission that provide appropriate safeguards for transferring personal data from the EU to countries without an adequacy decision.
Standard Contractual Clauses (SCCs) are standardized contractual provisions approved by the European Commission that parties can incorporate into their data transfer agreements to provide appropriate safeguards for personal data transferred from the European Economic Area to third countries that do not have an adequacy decision. The European Commission adopted updated SCCs in June 2021, replacing the previous versions and introducing a modular approach covering four transfer scenarios: controller-to-controller, controller-to-processor, processor-to-processor, and processor-to-controller.
The updated SCCs require data exporters to conduct a Transfer Impact Assessment (TIA) before transferring data, evaluating whether the legal framework of the destination country provides adequate protection. If the assessment reveals that the recipient country's laws may impinge on the effectiveness of the SCCs, supplementary measures must be implemented. These measures may include technical (such as encryption), organizational (such as internal policies and procedures), or contractual measures.
SCCs are the most widely used mechanism for international data transfers from the EU and must be adopted as-is without modification to their core terms, though they can be supplemented with additional clauses that do not contradict the standard terms. Organizations managing cross-border data flows can use ComplyIQ to track SCC requirements and maintain documentation of Transfer Impact Assessments and supplementary measures.
Relevant Regulations
How IQWorks Helps
Related Terms
GDPR (General Data Protection Regulation)
The General Data Protection Regulation is the European Union's comprehensive data protection law that sets strict rules for how organizations collect, store, and process personal data of EU residents, with fines up to 4% of annual global turnover.
Adequacy Decision
An adequacy decision is a determination by the European Commission that a third country or international organization provides an adequate level of data protection, allowing free transfer of personal data from the EU without additional safeguards.
Cross-Border Data Transfer
Cross-border data transfer refers to the movement of personal data from one country or jurisdiction to another, which is regulated by data protection laws that impose specific requirements to ensure adequate protection.
Standard Contractual Clauses (SCC)
Standard Contractual Clauses are pre-approved model contractual clauses adopted by the European Commission to facilitate lawful international transfers of personal data to countries outside the EEA.
Binding Corporate Rules (BCR)
Binding Corporate Rules are internal codes of conduct approved by data protection authorities that permit multinational organizations to transfer personal data within their corporate group across international borders.