Standard Contractual Clauses Uk Brexit

Standard Contractual Clauses (SCCs) are often a key aspect of data protection measures between countries that transfer personal data. As the UK transitions out of the European Union (EU) there has been uncertainty surrounding the continued use of SCCs. In this article, we will dive into the details of SCCs and provide an overview of how they may be affected by Brexit.

What are Standard Contractual Clauses?

Standard Contractual Clauses are a set of legal terms and conditions that are typically included within a contract between two organizations to facilitate the flow of personal data between them. SCCs outline the responsibilities of the parties involved to ensure that personal data is protected and processed in accordance with data protection laws, such as the General Data Protection Regulation (GDPR).

The EU has adopted SCCs for use by organizations based in the European Union who transfer personal data to third countries. The European Commission has approved these clauses as providing an adequate level of protection for data transfers. SCCs can be used by organizations outside of the EU if they demonstrate that they provide adequate data protection to EU citizens.

How might Brexit impact the use of SCCs?

Following Brexit, the UK became a “third country” for the purposes of data protection. This means that the EU will no longer consider the UK to be covered by the same data protection legislation as EU member states. As such, SCCs may need to be updated to reflect the new data protection requirements.

The new UK-EU Trade and Cooperation Agreement includes provisions on data protection, including SCCs. The agreement provides for continued use of SCCs for data transfers between the UK and EU member states. However, it is important to note that this arrangement is only in place for a maximum of four years and may be subject to review during this period.

Organizations that use SCCs for data transfers should review their current contracts to ensure compliance with the new regulations. This may involve updating SCCs and seeking legal advice to ensure that contracts meet the requirements of both UK and EU data protection regimes.

It is worth noting that the continued use of SCCs may not be sufficient for some organizations. If an organization transfers sensitive or high-risk data, it may be necessary to consider alternative measures to ensure adequate protection for the data.


As the UK transitions out of the EU, organizations that transfer personal data using Standard Contractual Clauses should be aware of how Brexit may impact the use of these clauses. The new UK-EU Trade and Cooperation Agreement includes provisions for continued use of SCCs, but this arrangement is subject to review in the future. Organizations should review their current contracts and seek legal advice to ensure compliance with new regulations. Alternative measures may need to be considered for high-risk or sensitive data.

Scroll to Top