Eu Standard Contractual Clauses 2010

EU Standard Contractual Clauses 2010: An Overview

The EU Standard Contractual Clauses (SCCs) are a set of legal provisions that regulate the transfer of personal data from the European Union (EU) to third countries. These clauses were first introduced in 2001, and since then, they have been updated several times to ensure they remain relevant and effective.

In 2010, the EU Commission adopted a new set of SCCs (the “EU SCCs 2010”), replacing the previous version from 2004. This article will provide an overview of the EU SCCs 2010, including their scope, purpose, and key provisions.

Scope and Purpose

The EU SCCs 2010 apply to any transfer of personal data from an EU data controller to a data processor or data controller located in a third country. The provisions also cover any onward transfer of personal data by the recipient to another third party.

The purpose of the EU SCCs 2010 is to provide a standard set of contractual terms that provide adequate safeguards for personal data protection, regardless of the country to which the data is transferred. The SCCs are intended to ensure compliance with EU data protection laws, such as the General Data Protection Regulation (GDPR).

Key Provisions

The EU SCCs 2010 consist of several clauses that define the rights and obligations of the parties involved in the transfer of personal data. Some of the key provisions include:

– Data Processing: The SCCs require the data processor to process personal data only on behalf of the data controller and in accordance with its instructions. The parties must also ensure that appropriate technical and organizational measures are in place to protect the personal data.

– Security of Processing: The SCCs require both parties to implement appropriate technical and organizational measures to ensure the security of personal data. This includes ensuring the confidentiality, integrity, and availability of the data.

– Subcontracting: The SCCs require the data processor to obtain the prior written consent of the data controller before subcontracting any processing activities.

– Notification of Breach: The SCCs require both parties to notify each other without undue delay in the event of a breach of personal data.

– Audits: The SCCs provide the data controller with the right to audit the data processor`s compliance with the provisions of the SCCs.


The EU SCCs 2010 are an essential legal tool for ensuring the protection of personal data when transferred outside the EU. They provide a standard set of contractual terms that help companies comply with EU data protection laws. These clauses ensure that personal data is processed securely and lawfully and provide the data subjects with the necessary protections to safeguard their personal data. Compliance with the SCCs is crucial for businesses that operate internationally and transfer personal data, as non-compliance may result in significant fines and reputational damage.



Powered by Facebook Comments