From b947d31a838f6947f87dbe09cd6638192d63c9a1 Mon Sep 17 00:00:00 2001 From: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Date: Fri, 30 Jul 2021 14:48:50 +0200 Subject: [PATCH] SCC to transfer personal data to third countries Transfer of personal data to third countries may only take place if data importers comply with the SCC. The DUA by itself is not sufficient. --- docs/source/gdpr/data_user_agreement.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/source/gdpr/data_user_agreement.rst b/docs/source/gdpr/data_user_agreement.rst index dedb218..461892a 100644 --- a/docs/source/gdpr/data_user_agreement.rst +++ b/docs/source/gdpr/data_user_agreement.rst @@ -5,6 +5,9 @@ Data User Agreement A DUA does not provide a legal basis to share personal data (the consent does). A DUA allows controlling what happens to the data when it is shared. A DUA can be a legal instrument if the data are shared for further processing with similar purposes as the original research project (it gives a legal basis to the secondary data user). +Before transfering personal data from the European Union to third countries, data importers must also comply with the `standard contractual clauses `_ (SCC), the DUA by itself is not sufficient. + + .. _Data User Agreement (DUA): This template is based on the `Donder’s Institute DUA Version RU-DI-HD-1.0 `_.