Home

standardavtalsklausuler

Standardavtalsklausuler, or standard contractual clauses, are model contract terms issued by the European Commission to enable transfers of personal data from the EEA to entities outside the EEA. They establish safeguards in transferral contracts so that non-EEA recipients provide a level of data protection equivalent to EU standards.

Under GDPR, transfers to third countries require appropriate safeguards. SCCs serve as such safeguards and may

Core obligations in SCCs include purposes of processing, data subject rights, information to data subjects, security

The 2021 revision modernised the framework, introducing four modular sets to suit different transfer relationships: controller-to-controller,

Practical use requires selecting the correct module, tailoring the clauses to the transaction, and implementing appropriate

be
used
by
data
exporters
(controllers
or
processors)
to
contract
with
data
importers
outside
the
EEA.
They
cover
many
transfer
scenarios,
including
cloud
processing
and
vendor
relationships.
measures,
breach
notification,
and
rules
on
sub-processing
and
onward
transfers.
They
also
address
accountability,
deletion
or
return
of
data,
and
cooperation
with
supervisory
authorities.
controller-to-processor,
processor-to-processor,
and
processor-to-controller.
The
clauses
are
designed
to
be
used
with
an
addendum
that
facilitates
evaluation
of
legislative
developments
and
potential
government
access.
After
Brexit,
the
UK
introduced
its
own
addenda
for
transfers
to
and
from
the
UK.
supplementary
measures
if
required.
Organisations
must
ensure
counterparties
commit
to
the
clauses,
keep
documentation
up
to
date,
and
monitor
regulatory
updates.