Hi. I don't understand the detail about the Art 28 being covered by the EU SCC Addendum but not the IDTA. The ICO's addendum template mentions Art 28 once, and it is very tentative. However, their IDTA template mentions it five times and does have clauses that mention the need for a linked agreement between the parties that complies with Art 28. Could you clarify more please? Thanks.
Hi Andy. The IDTA refers to a linked agreement which is to address Art 28. See eg Bird & Bird: www.twobirds.com/en/insights/2022/uk/new-uk-standard-contractual-clauses-for-personal-data-transfers: "The mandatory processor requirements under Art. 28 UK GDPR are not included: Whereas the new EU SCCs incorporate the Art. 28 GDPR requirements (i.e. when module 2 (controller to processor) of the new EU SCCs is used, it already has the appropriate mandatory processor obligations under Art. 28 built in so a separate data processing agreement is not needed between controller and processor), this is not the case with the IDTA - Clause 1.4 of the IDTA’s Mandatory Clauses makes it clear that it envisages that a linked agreement will cover this off, which it may well do in practice. However it complicates the patchwork of data transfer agreements."
Thanks for this Rob, you are always spot on.
The dog has had enough of hearing about GDPR so he/she walked out lol. This is helpful for my CIPP/E prep. Thank you.
Hi. I don't understand the detail about the Art 28 being covered by the EU SCC Addendum but not the IDTA. The ICO's addendum template mentions Art 28 once, and it is very tentative. However, their IDTA template mentions it five times and does have clauses that mention the need for a linked agreement between the parties that complies with Art 28. Could you clarify more please? Thanks.
Hi Andy. The IDTA refers to a linked agreement which is to address Art 28. See eg Bird & Bird: www.twobirds.com/en/insights/2022/uk/new-uk-standard-contractual-clauses-for-personal-data-transfers: "The mandatory processor requirements under Art. 28 UK GDPR are not included: Whereas the new EU SCCs incorporate the Art. 28 GDPR requirements (i.e. when module 2 (controller to processor) of the new EU SCCs is used, it already has the appropriate mandatory processor obligations under Art. 28 built in so a separate data processing agreement is not needed between controller and processor), this is not the case with the IDTA - Clause 1.4 of the IDTA’s Mandatory Clauses makes it clear that it envisages that a linked agreement will cover this off, which it may well do in practice. However it complicates the patchwork of data transfer agreements."
Another great video. Look forward to the next one,
Thanks so much Philip! Glad you enjoy them 😁
Great video! Thank you Robert!
Many thanks Aleksandra, very glad you enjoyed it, much appreciated! 😀
I'm sorry, how can I focus on what you're saying when that cute little thing is walking around??
My God, he's so adorable.