Do I need Standard Contractual Clauses?

Whether or not you need a standard contractual clause (SCC) for your business depends on a number of factors, including the type of business you operate, the types of data you collect and process, and where you are located.

In general, SCCs are a specific type of contract that can be used to transfer personal data from the European Union (EU) to a recipient in a country outside of the EU. This is because the EU has strict rules about transferring personal data outside of its borders, and SCCs are one way to help ensure that personal data is adequately protected when it is transferred to recipients in other countries.

If you operate a business that collects and processes personal data from individuals in the EU, and you need to transfer that data to a recipient in a country outside of the EU, you may need to use SCCs in order to comply with the EU's General Data Protection Regulation (GDPR). This is because the GDPR requires that any organization that transfers personal data from the EU to a recipient in a non-EU country must ensure that the data is adequately protected and that the recipient is contractually bound to protect the data. One way to do this is by using SCCs, which are a set of standardized contract terms that have been approved by the European Commission as providing an adequate level of protection for personal data.

It is important to note, however, that SCCs are not the only way to transfer personal data from the EU to a non-EU country. There are other mechanisms that can be used, such as binding corporate rules (BCRs) or obtaining the explicit consent of the individual whose data is being transferred. Therefore, whether or not you need SCCs for your business will depend on your specific circumstances and the specific requirements of the GDPR. It is always best to consult with a legal professional to determine the appropriate course of action for your business.

Definition

What's a personal data?

A personal data is any information that identifies or can be used to identify an individual directly or indirectly. Examples of personal data include, but are not limited to: first and last name, date of birth, email address, postal address, gender, occupation, photography, or other demographic information.
Compliance

Can I transfer data outside the European Union?

Location where data is stored is a paramount criteria for controllers. If servers hosting data are located in the European Union or in an adequate country, data transfers can be operated without additional safeguards as these countries’ legislations are protective enough of personal data and individuals’ rights.
Definition

What are Technical and Organizational Measures (TOM)?

According to the Article 32 of the GDPR, the processor has to implement and document appropriate technical and organizational measures to ensure a level of security appropriate to the risk entailed by the processing activity, in particular:

Become GDPR compliant in minutes!

Privacyboard helps you comply with GDPR easily so you can focus on what's really important for your business.
Start for free
Privacyboard

Product

PricingAbout

Ressources

BlogSubprocessorsKnowledge CenterGlossarySupervisory AuthoritiesEmail Templates

Legal

Privacy PolicyCookie PolicySubprocessorsRight RequestsTerms
Made in  🇪🇺  with  ☕️