Attention Businesses: Deadline Approaching For Old EU SCCs In International Data Transfers

Print Friendly, PDF & Email

Attention Businesses: Deadline Approaching For Old EU SCCs In International Data Transfers

Author: Adam Munn

Key Contacts: Adam Munn & Declan Goodwin

If your business transfers personal data outside of the UK and is currently relying on old EU standard contractual clauses (Old EU SCCs), those agreements must be updated by 21st March 2024.

What are Old EU SCCs?

The Old EU SCCs were pre-approved contractual terms for data transfers between controllers and processors established in territories outside the European Economic Area (EEA). They offered a mechanism to guarantee adequate data protection safeguards.

Under UK data protection laws, organisations that entered into data transfer agreements prior to 31st September 2022 were permitted to rely on the Old EU SCCs until 21st March 2024.

How can organisations ensure compliant data transfers?

Following the UK’s withdrawal from the EU, organisations now have different options for ensuring lawful international data transfers.

Adequacy Decisions: The Information Commissioner’s Office (ICO) maintains a list of countries deemed “adequate” for data protection. Transfers to these countries do not require additional safeguards. A full list of countries covered under the UK’s ‘adequacy regulations’ can be found here.

Appropriate Safeguards: For transfers to non-adequate countries, organisations must implement “appropriate safeguards” to guarantee data protection. The most commonly used appropriate safeguard has been using the ICO’s approved international data transfer agreement (IDTA) or the UK Addendum to the new EU standard contractual clauses (UK Addendum). For more details on the IDTA and UK Addendum, our previous article can be found here. It is also worth mentioning that in addition to relying on the IDTA or UK Addendum, an organisation must also carry out a transfer risk assessment prior to transferring the personal data (further information can be found here).

Recommendation:

We strongly advise all businesses to review their existing international data transfer agreements immediately to ensure that all contracts are compliant and no longer rely on the Old EU SCCs. If necessary, businesses should update their agreements to incorporate the ICO’s IDTA and/or UK Addendum for continued secure data transfers.

For further information or advice, please get in touch with our Commercial and Technology Team.

Recent Posts

Changes to Company Law in 2025: A Summary
January 17, 2025
Avoiding Civil Immigration Penalties: Risks of Poor Record-Keeping
January 17, 2025
New Year, New Staff Handbook?
January 14, 2025
Long arm holds an umbrella over an employee in the rain
Preparing for Adverse Weather: A Guide for Employers
January 14, 2025
Line graph going up
Rate Rises in April 2025: National Minimum and Living Wage and Statutory Sick Pay
January 14, 2025
IP Owners vs. AI Developers
December 19, 2024

Archives

Categories

Skip to content