At the beginning of the month, the European Commission (EC) announced that it has adopted two new sets of SCCs, one for controllers and processors, and one to be used for the transfer of personal data to third countries.
The changes come after a public consultation where the EC took opinions from Member State’s representatives and the EDPB. If you’re currently using the old SCCs, there is an 18-month transition period. But do remember that the Information Commissioner’s Office (ICO) will be adopting its own SCCs (hopefully later this year), so you need to think about what would be most appropriate for your business, considering the flow of data in the UK and overseas.
SCCs may be necessary if your organisation is making a restricted transfer of personal data. However, the safeguards you put in place will depend on a number of factors including the nature of the data being transferred and the country or countries its being transferred to. The ICO has some good guidance on its website with respect to international data transfers here.
If anyone is interested to take a look at the new SCC’s adopted by the EC, they can be found here.