Standard contractual clauses for the transfer of personal data from the European Union to third countries (controller-to-controller transfers) | Practical Law
Note: This practice note is for historical reference purposes only.
Note: This practice note is for historical reference purposes only.
Under the UK data protection regime (UK GDPR and DPA 2018), from 21 September 2022, organisations can only enter into contracts on the basis of the IDTA (Standard document, ICO International Data Transfer Agreement (IDTA) (UK)) or UK Addendum to the EU SCCs (Standard clause, ICO International Data Transfer Addendum to EU Commission Standard Contractual Clauses (UK)). Contracts concluded on the basis of Directive SCCs, and entered into prior to 21 September 2022, will continue to provide appropriate safeguards for the purpose of the UK GDPR until the transitional arrangements end on 21 March 2024, after which, organisations will not be able to rely on Directive SCCs as an appropriate safeguard under Article 46, UK GDPR.
The transition period under the EU GDPR ended 27 December 2022. All existing agreements relying on the Directive SCCs under the EU GDPR should have been replaced with EU SCCs before 27 December 2022.
This practice note is an unofficial document which has been prepared by Practical Law Data Protection without input from the European Commission, the UK Information Commissioner or any other EU or UK data protection authority.
Standard contractual clauses are one of several mechanisms approved by the European Commission to ensure adequate safeguards for personal data transferred from the EU to countries which the European Commission has not found to offer adequate protection for personal data.