International personal data transfers from the EEA using SCCs—EEA controller—EEA processor—third country sub-processor—third country sub-sub-processor
Produced in partnership with the Data Protection Intelligence Group
International personal data transfers from the EEA using SCCs—EEA controller—EEA processor—third country sub-processor—third country sub-sub-processor

The following Information Law practice note produced in partnership with the Data Protection Intelligence Group provides comprehensive and up to date legal information covering:

  • International personal data transfers from the EEA using SCCs—EEA controller—EEA processor—third country sub-processor—third country sub-sub-processor
  • Purpose of this Practice Note
  • This scenario
  • Steps to be taken by EEA organisations
  • Important assumptions underpinning this guidance
  • Consider other Transfer Mechanisms
  • Other scenarios in this series

International personal data transfers from the EEA using SCCs—EEA controller—EEA processor—third country sub-processor—third country sub-sub-processor

STOP PRESS: On 7 June 2021, a decision adopted by the European Commission was published in the Official Journal of the European Union providing for new standard contractual clauses (SCCs) for transfers of personal data subject to the EU GDPR to third countries outside the EEA and for the repeal (after a grace period) of the existing international transfer SCCs under the EU GDPR. This document will be updated in due course to reflect that development. Meanwhile, see LNB News 04/06/2021 47, LNB News 07/06/2021 21 and News Analysis: The new EU GDPR standard contractual clauses for international transfers.

Purpose of this Practice Note

As explained in Practice Note: UK GDPR and EU GDPR—transfers of personal data internationally and to international organisations, Chapter V of the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) imposes restrictions on transfers of personal data outside the EEA (EEA Transfer Restrictions).

This Practice Note illustrates how standard contractual clauses pre-approved by the European Commission (also known as Model Clauses and referred to in this Practice Note as ‘SCCs’ for short) may be used to comply with EEA Transfer Restrictions.

In the scenario below, it is anticipated that personal data will be transferred as follows:

  1. from an EEA controller based in France to an EEA processor based in

Popular documents