What is Standard Contractual Clauses (SCC)?
Standard Contractual Clauses are pre-approved model contractual clauses adopted by the European Commission to facilitate lawful international transfers of personal data to countries outside the EEA.
Standard Contractual Clauses (SCCs) are sets of contractual terms and conditions approved by the European Commission under Article 46(2)(c) of the GDPR. They serve as one of the primary legal mechanisms for transferring personal data from the European Economic Area to third countries that lack an adequacy decision. The current SCCs, adopted in June 2021, use a modular approach with four modules covering different transfer scenarios between controllers and processors.
The 2021 SCCs require organizations to conduct a Transfer Impact Assessment before making transfers, evaluating whether the destination country's legal framework provides adequate data protection. If gaps are identified, supplementary measures must be implemented. The SCCs also include provisions for onward transfers, data subject rights, obligations of the data importer, and mechanisms for dispute resolution and supervision by competent authorities.
ComplyIQ helps organizations manage SCC implementation across all international data transfers, tracking which transfers rely on SCCs, maintaining Transfer Impact Assessment documentation, and monitoring whether supplementary measures remain adequate as legal landscapes evolve in destination countries.
Relevant Regulations
How IQWorks Helps
Related Terms
Cross-Border Data Transfer
Cross-border data transfer refers to the movement of personal data from one country or jurisdiction to another, which is regulated by data protection laws that impose specific requirements to ensure adequate protection.
Adequacy Decision
An adequacy decision is a determination by the European Commission that a third country or international organization provides an adequate level of data protection, allowing free transfer of personal data from the EU without additional safeguards.
Binding Corporate Rules (BCR)
Binding Corporate Rules are internal codes of conduct approved by data protection authorities that permit multinational organizations to transfer personal data within their corporate group across international borders.
Data Processing Agreement
A Data Processing Agreement is a legally binding contract between a data controller and a data processor that governs how personal data will be processed, ensuring compliance with data protection regulations.