Transferring people’s data outside the Bailiwick? Important deadline approaching

Published: 25 November 2022

By 27 December 2022, all local organisations who rely on the European Commission’s Standard Contractual Clauses (EC SCCs) to safely transfer people’s data outside of the Bailiwick will have to ensure they are using the updated Standard Contractual Clauses, published in June 2021
 
  • What are the EC SCCs? 
    Standard Contractual Clauses (SCCs) are defined by the EC as ‘standardised and pre-approved model data protection clauses’ – they are contractual terms and conditions which both the sender and the receiver of the personal data agree to follow to keep people’s data safe when it leaves a jurisdiction. 
     
  • What do the EC SCCs achieve? 
    SCCs aims to protect a person’s data wherever it goes – think of them like a ‘protective wrapper’ which safeguard people’s data when it leaves a jurisdiction. SCCs allow controllers and processors to comply with their obligations under the European Union’s (EU) data protection law. Controllers and processors can incorporate them into contracts with other parties, for instance commercial partners. If you choose to use SCCs to demonstrate compliance with data protection requirements, they must be used together with a binding contractual commitment to abide by them. 
     
  • What happens on 27th December 2022? 
    Up until 27 December 2022, you can continue to rely on previous SCCs for contracts that were concluded before 27 September 2021, provided that the related processing operations remain unchanged.

    After 27 December 2022 you must ensure that all your contracts are using the June 2021 EC SCCs, instead of the previous SCCs. You only need to update contracts if they relate to how you use and transfer personal data outside of the Bailiwick.
     
  • How does the Bailiwick fit into this, as we’re outside the EU? 
    The Bailiwick of Guernsey is a jurisdiction that the European Commission (EC) has decided offers an ‘adequate’ level of protection to people’s data. This means the Bailiwick’s data protection law gives equivalent protection to people’s data to that offered by the EU’s General Data Protection Regulation (GDPR). Because we are an ‘adequate’ jurisdiction, organisations can use the EC’s SCCs in conjunction with The Bailiwick of Guernsey Addendum for the European Commission’s Standard Contractual Clauses (SCCs) to legally define how they’re protecting people’s data when it is transferred outside of the Bailiwick. The Bailiwick of Guernsey Addendum for the European Commission’s Standard Contractual Clauses is a legal document you can make restricted amendments to in order to protect people’s data by using it in conjunction with the European Commission’s Standard Contractual Clauses.

Find out more about Transferring people’s data outside the Bailiwick.