Standard Contractual Clauses (SCCs) are sets of contract terms approved by the European Commission as an international data transfer tool. They provide a means for companies to comply with EU data protection laws when transferring personal data to third countries, i.e., countries outside the EU and Europe-an Economic Area (EEA) even when there is no Adequacy Decision in place.
SCCs are designed to ensure that personal data is protected and transferred in accordance with adequate privacy and security standards. The clauses require each party to take responsibility for protecting the personal information it processes, including providing appropriate technical and organizational measures (TOMs) to protect it from unauthorized access or processing. Additionally, they set out rules on how long a company can retain the data, how securely it must be stored, who has access to it, and what rights individuals have over their own data. Companies using SCCs must also monitor compliance regularly and inform the relevant authorities if there is a data incident involving the loss or misuse of personal information.
Iff SCCs are used, data recipients are today obliged to do a Transfer Impact Assessment to secure that SCCs offer meaningful protection for personal data transferred.