The EU contractual clauses commonly referred as standard contractual clauses (“SCCs”) has been developed by the EU Commission and assistance of the Article 29 Working Party to make possible the data exporting safeguarding a sufficient level of data protection at the recipient.
Useful? Embed this infographic on your website.
This comes, in part, as a result of the market demand -business looking to increase their processing capabilities (storage, networkings)- EU Commision has provided different solutions for the transfer of Personal Data abroad, one of them is SCCs which aim to provide adequate contractual terms to safeguard the protection of the personal data when an international transfer takes place.
In that sense, personal data relating to EU citizens can be move to non-EU countries with not adequate level of protection (“not adequate third countries”), or to US companies which are not Privacy Shield certify and yes, it is not illegal; as far as the transfer abides the Recipient in the third country with EU data protection rules; otherwise is unlawful.
Two set of contractual standard clauses has been given to use as a Data Controller and, one set, to use with a Data Processor. The SCCs can be inserted in the main contract, and if you are considering to use them, I advise to review the guide to the preparation of contractual clauses, provided by the Council of Europe, Consultive Committee of the Convention 108 (2002).
The following infographic aims to provide in a glance with the main points of when and how to use SCCs. This should raise awareness among individuals about the measures that can be taken when their personal data is transferred abroad and also, seeks to provide businesses with an accurate knowledge of when and how they can use SCCs to legally execute international transfers of personal data.
Each lawinfographic has a visual presentation and keywords that will allow any person to comprehend at a glance the main topic. The lawinfographic and article contain several examples that have been taken from the EU law, regulations, guidelines and opinions on the matter and have been precisely referred in the documents. If you require more information, do not hesitate to consult the lawinfographic’s sources or to contact me, you can leave me a comment or reach me on Linkedin.
Recitals 95/46 and Art. 46 of the GDPR
data-protection/article-29/ documentation/opinion- recommendation/index_en.htm
Opinion 07/2001 from Art.29 of the Working Party
Handbook on european data protection law pg.137
The Privacy Shield website
Currently, the GDPR does not have EEA relevance (no yet, but soon)