// THREAT DETECTION AND DATA PRIVACY TERM

Standard Contractual Clauses

Standard Contractual Clauses are pre-approved legal contracts created by the European Commission to ensure that personal data transferred outside the European Economic Area (EEA) is protected according to EU data protection standards. They are used when sending data to countries not deemed to have adequate data protection laws.

TECHNICAL DEFINITION

Standard Contractual Clauses (SCCs) are a legal mechanism under the General Data Protection Regulation (GDPR) approved by the European Commission, enabling the lawful international transfer of personal data from data exporters in the EEA to data importers in third countries lacking an adequacy decision. These legally binding contracts impose data protection obligations on both the data exporter and importer to safeguard the fundamental rights and freedoms of data subjects.

BACKGROUND

Risk management is the identification, evaluation, and prioritization of risks, followed by the minimization, monitoring, and control of the impact or probability of those risks occurring. Risks can come from various sources, including uncertainty in international markets, political instability, dangers of project failures, legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root cause. Retail traders also apply risk management by using fixed percentage position sizing and risk-to-reward frameworks to avoid large drawdowns and support consistent decision-making under pressure.

SYNONYMS & ALIASES

  • SCCs
  • Model Clauses
  • EU Model Clauses
  • EC Decision Clauses
  • Data Transfer Clauses
  • Commission Decision 2021/914

USAGE NOTE

SCCs are typically appended to a Data Processing Agreement (DPA) to legally validate cross-border data transfers under GDPR.

DEVELOPERS

Organizations developing technology related to Standard Contractual Clauses.

  • OneTrust

    A leading privacy, security, and governance technology platform. OneTrust helps organizations manage compliance with global privacy regulations like GDPR, which includes automating data mapping, conducting transfer impact assessments (TIAs), and managing Standard Contractual Clauses for cross-border data transfers.

  • Securiti.ai

    Provides a Data Command Center that uses AI to automate data privacy, security, and governance. Their technology helps organizations discover sensitive data, understand data flows across borders, and automate the operationalization of SCCs and other data transfer mechanisms.

  • BigID

    A data intelligence platform that focuses on data discovery, classification, and governance. BigID's technology enables companies to find and catalog personal and sensitive data, which is essential for determining when SCCs are required and for managing compliance with data transfer agreements.

  • TrustArc

    A provider of privacy compliance and data governance solutions. TrustArc's platform offers tools for managing international data transfers, including assessments and the implementation of frameworks like the EU-U.S. Data Privacy Framework and SCCs.

  • Icertis

    A contract lifecycle management (CLM) company that uses AI to digitize and manage contracts. Its platform can be used to create, manage, and monitor data processing agreements (DPAs) that incorporate SCCs, ensuring contractual obligations for data transfers are consistently applied and tracked.

  • Microsoft Purview

    A family of data governance, risk, and compliance solutions from Microsoft. It provides tools that help customers manage their GDPR compliance obligations, including providing the contractual framework and technical controls related to SCCs for data transfers using Microsoft cloud services.

  • WireWheel

    A data privacy and protection platform that helps companies manage privacy programs. WireWheel's technology supports the automation of privacy impact assessments (PIAs) and transfer impact assessments (TIAs), which are critical components for validating the use of SCCs.

  • DataGrail

    A privacy management platform designed to help companies comply with regulations like GDPR and CCPA. Its technology automates data subject requests and data mapping, providing visibility into data transfers and helping manage the necessary legal mechanisms like SCCs.
