Are There Any Specific Requirements for Parties Entering into SCCs?
ANSWER
The use of SCCs, whether to satisfy the requirements of the GDPR and the EUDPR in a controller–processor relationship or as a mechanism for international data transfers, requires the parties to enter into an agreement.
To do so, the parties must complete the annexes to the SCCs, which form an integral part of the clauses. Among other things, the parties must specify:
- their contact details; and
- information regarding their respective roles under the clauses (e.g., who acts as the controller and processor, or as the data exporter and data importer).
The SCCs do not impose any specific requirements regarding the manner in which the agreement must be formalized (for example, whether it may be concluded electronically).
This matter is left to the national law governing the agreement.
The above answer is based on an official document of the European Commission.
You can review it at: https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf
A translated version of this document is also available on our blog under the title: "Standard Contractual Clauses (SCCs) – Questions and Answers".
