Attention Businesses: Deadline Approaching For Old EU SCCs In International Data Transfers

Print Friendly, PDF & Email

Attention Businesses: Deadline Approaching For Old EU SCCs In International Data Transfers

Author: Adam Munn

Key Contacts: Adam Munn & Declan Goodwin

If your business transfers personal data outside of the UK and is currently relying on old EU standard contractual clauses (Old EU SCCs), those agreements must be updated by 21st March 2024.

What are Old EU SCCs?

The Old EU SCCs were pre-approved contractual terms for data transfers between controllers and processors established in territories outside the European Economic Area (EEA). They offered a mechanism to guarantee adequate data protection safeguards.

Under UK data protection laws, organisations that entered into data transfer agreements prior to 31st September 2022 were permitted to rely on the Old EU SCCs until 21st March 2024.

How can organisations ensure compliant data transfers?

Following the UK’s withdrawal from the EU, organisations now have different options for ensuring lawful international data transfers.

Adequacy Decisions: The Information Commissioner’s Office (ICO) maintains a list of countries deemed “adequate” for data protection. Transfers to these countries do not require additional safeguards. A full list of countries covered under the UK’s ‘adequacy regulations’ can be found here.

Appropriate Safeguards: For transfers to non-adequate countries, organisations must implement “appropriate safeguards” to guarantee data protection. The most commonly used appropriate safeguard has been using the ICO’s approved international data transfer agreement (IDTA) or the UK Addendum to the new EU standard contractual clauses (UK Addendum). For more details on the IDTA and UK Addendum, our previous article can be found here. It is also worth mentioning that in addition to relying on the IDTA or UK Addendum, an organisation must also carry out a transfer risk assessment prior to transferring the personal data (further information can be found here).


We strongly advise all businesses to review their existing international data transfer agreements immediately to ensure that all contracts are compliant and no longer rely on the Old EU SCCs. If necessary, businesses should update their agreements to incorporate the ICO’s IDTA and/or UK Addendum for continued secure data transfers.

For further information or advice, please get in touch with our Commercial and Technology Team.

Recent Posts

Acuity Law Reveals Role In £1.13 Million Seed Funding For London-Based Healthtech, HealthKey
April 18, 2024
International Women's Day 2024
Playing To Our Strengths
April 9, 2024
Howe Properties (NE) Ltd v Accent Housing Ltd [2024] EWCA Civ 297: Interpretation And Applicability Of Service Charge Provisions
April 8, 2024
Vento Bands 2024
April 2, 2024
Gender Pay Gap Reporting- Are You Ready?
April 2, 2024
Right To Request Flexible Working Arrangements
April 2, 2024



Skip to content