ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Standard Contractual Clauses (SCC)

How Can Compliance with Article 28 GDPR Be Ensured?

ANSWER

The requirements of Article 28 GDPR have been incorporated into Module 2 (controller-to-processor transfers) and Module 3 (processor-to-processor transfers) of the SCCs. Where these modules are used, it is not necessary to conclude a separate data processing agreement, as these modules can ensure compliance both with the requirements of Article 28 GDPR and with the requirements relating to international data transfers under Article 46 GDPR.

A situation may also arise where SCCs for data transfers are not required because another transfer mechanism is available, for example where the data recipient is located in a country that is subject to an adequacy decision. In such cases, the SCCs may still be used to ensure compliance with Article 28 GDPR.

The above answer is based on an official document of the European Commission.

You can review it at: https://ec.europa.eu/info/sites/default/files/questions_answers_on_sccs_en.pdf

A translated version of this document is also available on our blog under the title: "Standard Contractual Clauses (SCCs) – Questions and Answers".

Show all
PreviousNext

Read also:

07 June 2026

TikTok a RODO w sektorze publicznym – czego urzędy mogą dowiedzieć się z niemieckich zaleceń dla instytucji

29 May 2026

Kontrola służbowej poczty e-mail pracownika a tajemnica przedsiębiorstwa - kiedy pracodawca może legalnie przejrzeć skrzynkę?

14 May 2026

Czy pracodawca może opublikować zdjęcie pracownika? Wykorzystanie wizerunku pracownika na gruncie RODO i prawa autorskiego

Szkolenia

Dla IOD i pracowników - otwarte, zamknięte, e-learning

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Article 28 GDPR compliance using SCC Modules 2 and 3 | ODO 24 | ODO 24