{"id":9107,"date":"2022-02-01T10:09:53","date_gmt":"2022-02-01T09:09:53","guid":{"rendered":"https:\/\/www.cabinetbouchara.com\/clauses-contractuelles-types-cct\/"},"modified":"2026-02-10T08:57:55","modified_gmt":"2026-02-10T07:57:55","slug":"standard-contract-clauses-scc","status":"publish","type":"page","link":"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/standard-contract-clauses-scc\/","title":{"rendered":"Standard Contract Clauses (SCC)"},"content":{"rendered":"<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/\">Lexicon <\/a><span style=\"color: #f5b63f\">&gt; <\/span><strong><span style=\"color: #f5b63f\">Standard Contract Clauses (SCC)<\/span><br \/><\/strong><\/p>\n<p>IT Lexicon<\/p>\n<p style=\"text-align: justify\">The standard contractual clauses are model agreements on the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-processing\/\" target=\"_blank\" rel=\"noopener noreferrer\">processing of personal data<\/a> adopted by the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/european-data-protection-board\/\" target=\"_blank\" rel=\"noopener noreferrer\">European Commission<\/a> for the following categories of <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-transfer\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal data transfers:<\/a><\/p>\n<ul>\n<li style=\"text-align: justify\">Data transfers between EU and non-EU <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">controllers<\/a>;<\/li>\n<li style=\"text-align: justify\">Data transfers between EU controllers and non-EU <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/subcontractor\/\" target=\"_blank\" rel=\"noopener noreferrer\">processors<\/a>;<\/li>\n<li style=\"text-align: justify\">Data transfers between EU processors and non-EU controllers;<\/li>\n<li style=\"text-align: justify\">Data transfers between EU and non-EU processors.<\/li>\n<\/ul>\n<p style=\"text-align: justify\">They can provide appropriate safeguards for the protection of <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/personal-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal data<\/a> for international data transfers if the laws or practices of the country of the importer of the data do not compromise the adequate level of protection afforded by the clauses, and in the absence of a decision by the European Commission finding that this third country ensures an adequate level of protection (decision of <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/adequation\/\" target=\"_blank\" rel=\"noopener noreferrer\">adequacy)<\/a>.<\/p>\n<p style=\"text-align: justify\">It is thus up to the importer and exporter of the data to assess in practice whether or not the legislation of the third country allows for the level of protection required by the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR<\/a> and the guarantees provided by the standard contractual clauses.<\/p>\n<p style=\"text-align: justify\">If the level of protection cannot be met, the exporter of the data must implement additional measures to meet the level of protection or not carry out the intended transfers.<\/p>\n<p style=\"text-align: justify\">In any case, in addition to the use of standard contractual clauses, the exporter of the data must fulfill its obligations enshrined in the GDPR in its capacity as a <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">data controller<\/a> or processor.<\/p>\n<p style=\"text-align: justify\">The standard contractual clauses should not be modified, but the parties may add other additional clauses or guarantees, provided that they do not directly or indirectly contradict the standard contractual clauses and that they do not infringe on the fundamental rights and freedoms of the persons concerned.<\/p>\n<h2>GDPR focus<\/h2>\n<p style=\"text-align: justify\"><em>&#8220;In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in the third country with appropriate safeguards for the data subject. These safeguards may consist of the use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority, or contractual clauses authorized by a supervisory authority.&#8221;<\/em><\/p>\n<p style=\"text-align: justify\">Recital 108 of the GDPR<\/p>\n<h2 style=\"text-align: justify\">Case law focus<\/h2>\n<p style=\"text-align: justify\">The Court of Justice of the European Union (CJEU) has ruled that: &#8221; <em>neither Article 702 of FISA nor E.O. 12333, read in conjunction with PPD-28, meet the minimum requirements of the principle of proportionality under Union law, so that monitoring programs based on these provisions cannot be considered limited to what is strictly necessary.<\/em><\/p>\n<p style=\"text-align: justify\"><em>In those circumstances, the limitations on the protection of personal data which derive from the United States&#8217; internal rules on access to and use of such data transferred from the Union to the United States by the American public authorities, and which the Commission assessed in the BPD decision, are not framed in such a way as to meet requirements which are substantially equivalent to those required under Union law by the second sentence of Article 52(1) of the Charter.<\/em> &#8220;<\/p>\n<p style=\"text-align: justify\">Court of Justice of the European Union, July 16, 2020, N\u00b0C-311\/18.<\/p>\n<p style=\"text-align: justify\">The Bouchara firm assists you in particular in :<\/p>\n<ul style=\"text-align: justify\">\n<li>Making your organization <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR<\/a>\u00a0compliant;<\/li>\n<li>The drafting of data protection policies (privacy policy, computer charter &#8230;);<\/li>\n<li>Documentation of your processing (register of processing activities, register of violations, privacy <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-privacy-impact-assessment-dpa\/\" target=\"_blank\" rel=\"noopener noreferrer\">impact analysis<\/a>, prior consultation&#8230;);<\/li>\n<li>Obtaining certifications and adhering to <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/code-of-conduct\/\" target=\"_blank\" rel=\"noopener noreferrer\">codes of conduct<\/a>;<\/li>\n<li>The study of the legal feasibility of the implementation of a new <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-processing\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal data processing<\/a>;<\/li>\n<li>The drafting and transmission of your codes of conduct to the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/national-commission-for-information-technology-and-civil-liberties-cnil\/\" target=\"_blank\" rel=\"noopener noreferrer\">CNIL<\/a> for approval;<\/li>\n<li>Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;<\/li>\n<li>Drafting and negotiating your data processing agreements (DPA);<\/li>\n<li>Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;<\/li>\n<li>Training and awareness of your employees.<\/li>\n<\/ul>\n<p style=\"text-align: justify\">We are also the external <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-officer-dpo\/\" target=\"_blank\" rel=\"noopener noreferrer\">Data Protection Officer<\/a> of many data <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">processors<\/a> and <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/subcontractor\/\" target=\"_blank\" rel=\"noopener noreferrer\">subcontractors<\/a>.<\/p>\n<h2>Other definitions<\/h2>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/brand\/\">Trademark\u00a0<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/brand\/\">A trademark is a distinctive sign allowing its owner (natural or legal person) to differentiate its products and services&#8230;<\/a><\/p>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\">GDPR<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\">The GDPR refers to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals&#8230;<\/a><\/p>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/renowned-or-well-known-trademark\/\">Well-known trademark<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/renowned-or-well-known-trademark\/\">The concepts of reputed and well-known trademarks have been defined by the jurisprudence and designate a trademark that is widely known by the public&#8230;<\/a><\/p>\n<h3 style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/wipo\/\">WIPO<\/a><\/h3>\n<p style=\"text-align: justify\"><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/wipo\/\">The World Intellectual Property Organization (WIPO) is an international institution of the United Nations, located in Geneva&#8230;<\/a><\/p>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/\">See the lexicon<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.cabinetbouchara.com\/wp-content\/uploads\/2021\/12\/Fichier-24.svg\" width=\"25\" height=\"25\" alt=\"\" class=\"wp-image-1012 alignnone size-medium\" style=\"margin-left: 15px;margin-bottom: -6px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lexicon &gt; Standard Contract Clauses (SCC) IT Lexicon The standard contractual clauses are model agreements on the processing of personal data adopted by the European Commission for the following categories of personal data transfers: Data transfers between EU and non-EU controllers; Data transfers between EU controllers and non-EU processors; Data transfers between EU processors and &#8230; <a title=\"Standard Contract Clauses (SCC)\" class=\"read-more\" href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/standard-contract-clauses-scc\/\" aria-label=\"Read more about Standard Contract Clauses (SCC)\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":9175,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-9107","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/comments?post=9107"}],"version-history":[{"count":8,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9107\/revisions"}],"predecessor-version":[{"id":19618,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9107\/revisions\/19618"}],"up":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9175"}],"wp:attachment":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/media?parent=9107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}