- Do standard contractual clauses (SCCs) have to be separate, or can we include them as part of our existing data controller and processor contract?
- Will the ICO "embrace" the EDPB Recommendations?
1. Do standard contractual clauses (SCCs) have to be separate, or can we include them as part of our existing data controller and processor contract?
Organisations are free to include those standard contractual clauses in a wider contract, and to add other clauses or additional safeguards, provided that they do not contradict, either directly or indirectly, the standard contractual clauses or prejudice the fundamental rights or freedoms of data subjects.
Organisations need to ensure that they do not modify the approved set of SCCs themselves and do not add additional clauses which contradict those SCCs. In these cases, the organisation is no longer relying on approved SCCs and they need to seek authorisation from a supervisory authority in order to rely on them.
EDPB guidelines are no longer directly relevant or binding under the UK regime. However, they may still provide helpful guidance on certain issues.