What are the EC SCCs?
Standard Contractual Clauses (SCCs) are defined by the EC as ‘standardised and pre-approved model data protection clauses’ – they are contractual terms and conditions which both the sender and the receiver of the personal data agree to follow to keep people’s data safe when it leaves a jurisdiction.
What do the EC SCCs achieve?
SCCs aims to protect a person’s data wherever it goes – think of them like a ‘protective wrapper’ which safeguard people’s data when it leaves a jurisdiction. SCCs allow controllers and processors to comply with their obligations under the European Union’s (EU) data protection law. Controllers and processors can incorporate them into contracts with other parties, for instance commercial partners. If you choose to use SCCs to demonstrate compliance with data protection requirements, they must be used together with a binding contractual commitment to abide by them.
What happens on 27th December 2022?
Up until 27 December 2022, you can continue to rely on previous SCCs for contracts that were concluded before 27 September 2021, provided that the related processing operations remain unchanged.
After 27 December 2022 you must ensure that all your contracts are using the June 2021 EC SCCs, instead of the previous SCCs. You only need to update contracts if they relate to how you use and transfer personal data outside of the Bailiwick.
How does the Bailiwick fit into this, as we’re outside the EU?
The Bailiwick of Guernsey is a jurisdiction that the European Commission (EC) has decided offers an ‘adequate’ level of protection to people’s data. This means the Bailiwick’s data protection law gives equivalent protection to people’s data to that offered by the EU’s General Data Protection Regulation (GDPR). Because we are an ‘adequate’ jurisdiction, organisations can use the EC’s SCCs in conjunction with The Bailiwick of Guernsey Addendum for the European Commission’s Standard Contractual Clauses (SCCs) to legally define how they’re protecting people’s data when it is transferred outside of the Bailiwick. The Bailiwick of Guernsey Addendum for the European Commission’s Standard Contractual Clauses is a legal document you can make restricted amendments to in order to protect people’s data by using it in conjunction with the European Commission’s Standard Contractual Clauses.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance