LegalGELegalGE
...

Standard Contractual Clauses

Can I modify the text of SCCs?

No, modifying the main text is prohibited. You must only fill in the annexes and select the appropriate module. Changing the text renders it invalid.

Where can I find approved SCCs in Georgia?

Standard Contractual Clauses are approved by the order of the Head of the Personal Data Protection Service and are available on their website.

What is TIA and why is it needed with SCC?

TIA (Transfer Impact Assessment) is a risk assessment. It is necessary to prove that legislation in the recipient country will not prevent compliance with SCC terms.

What if a partner refuses to sign SCCs?

If a partner refuses to sign SCCs and the country is not on the safe list, the data transfer is illegal and must be stopped.

Reading Time

3 min

Published

...

Standard Contractual Clauses (SCC) and Implementation

Standard Contractual Clauses (SCC) are the most common and flexible legal instrument for cross-border data transfers. These are pre-approved "template" texts by the regulator, the inclusion of which in a contract automatically ensures data protection guarantees and allows a company to transfer data to so-called "non-safe countries" without a special permit. However, using SCCs is not simply copy-pasting text; it requires detailed adaptation, completing annexes, and ensuring that contract terms are actually fulfilled in practice. Incorrect use of SCCs leads to contract invalidity and the data transfer being deemed illegal.

Our service offers full legal implementation of SCCs. The service includes:

  • Selecting the Correct Module: SCCs have several modules (Controller-Controller, Controller-Processor, etc.). The lawyer selects the correct module based on the parties' roles.
  • Adaptation and Integration of SCCs: Integrating standard terms into the Master Service Agreement without contradicting other clauses.
  • Completing Annexes: Detailed description of technical and organizational security measures, which is an integral part of the SCC.
  • Preparing Transfer Impact Assessment (TIA): A prerequisite for using SCCs is assessing risks to determine if the recipient can comply with these terms given local legislation.
  • Negotiation with Counterparties: Communicating with foreign partners to ensure they understand and sign the SCCs.

In practice, many companies formally sign SCCs but fail to fill out annexes where specific security measures (e.g., encryption methods) should be listed. Such "empty" SCCs are invalid and not recognized by the regulator. Another common mistake is choosing the wrong module—for example, when a controller transfers data to a processor but uses the Controller-Controller module, which incorrectly allocates liability. Another issue is the conflict between SCCs and the main contract (e.g., regarding liability limitations).

The use of SCCs is regulated by the Law of Georgia on Personal Data Protection and orders of the Head of the Personal Data Protection Service. Georgian SCCs largely mirror the EU model, simplifying relations with international partners. The law explicitly states that modifying SCCs (except for annexes) is prohibited; otherwise, they lose their "standard" status and require individual approval.

Working with a lawyer ensures that your contracts are "water-tight." The lawyer fills in all mandatory fields, describes data flows, and prepares the TIA. This package of documents is your defense during any audit or inspection.

Legal.ge offers access to lawyers with practical experience in drafting and negotiating SCCs. Standard clauses are your key to the global market. Use this instrument correctly and legally with the help of our specialists.

Updated: ...

Specialists for this service

Loading...