In the context of the UK GDPR and EU GDPR, Standard Contractual Clauses (SCCs) are legally recognised contractual terms used to safeguard personal data when it is transferred to a country outside the UK or European Economic Area that does not benefit from an adequacy decision.
SCCs impose binding obligations on both the data exporter and data importer to ensure that personal data continues to receive an appropriate level of protection, including requirements relating to security, data subject rights, transparency, and international onward transfers.
Organisations commonly use SCCs when engaging overseas service providers such as cloud hosting companies, software platforms, or outsourced support providers.
In the UK, the Information Commissioner’s Office (ICO) has adopted the International Data Transfer Agreement (IDTA) and UK Addendum to the EU SCCs as recognised transfer mechanisms under UK GDPR.
