Daniel Vinnik

Lawyer

E-mail

vinnik@prikhodko.com.ua

Phone numbers

Expert in international corporate, IT, and crypto law. Has extensive experience in business setup and support in the USA, EU, LATAM, and the Middle East. Specializes in corporate structuring, compliance, KYC/AML, IP, GDPR, as well as regulation of crypto and fintech projects.

SCC GDPR

Many companies learn about SCC (Standard Contractual Clauses) not when they build compliance systematically, but when a problem has already arisen. For example: a European client asks to sign an SCC before starting cooperation; an investor or customer conducts due diligence and sees gaps in the data transfer framework; the company uses CRM, email platforms, cloud services or external contractors outside the EU, but has not properly formalized the transfer of data; a DPA is signed, but there is no transfer mechanism; a business works with user data from the EU and believes that the Privacy Policy “on the website” already solves everything.

In practice, SCC is not about a piece of paper “for checking”. It is about whether a company can legally transfer personal data outside the EU/EEA, whether it blocks itself from B2B contracts, corporate agreements, investments or access to Western markets.

That is why SCC is not only a topic for a legal article, but also a separate area of legal assistance that businesses often need urgently, substantively, and without unnecessary theory.

What is SCC in simple terms?

Standard Contractual Clauses (SCC) are standard contractual clauses used as one of the legal mechanisms for international transfers of personal data under the GDPR.

If an EU company or a company subject to the GDPR transfers data to a counterparty, service provider, contractor or group company outside the EU/EEA, such a transfer must be legally formalized in an appropriate manner.

And here typical questions begin in business:

do we really have an “international data transfer”;
do we need SCCs or is a DPA enough;
is a typical template from a counterparty suitable for us;
do we need to do a TIA;
does our contract not contradict the real data processing model;
what to show the client if he asks for a “GDPR package”.

These are the questions that a lawyer should answer, not a manager who simply sends a PDF with the name “SCC_final_v3”.

Get legal advice

When do businesses really need SCCs?

In most cases, SCCs are needed when a company:

processes personal data of customers, users, employees or contractors from the EU;
uses services or contractors in third countries;
transfers data between group companies, if one of them is located outside the EU/EEA;
concludes contracts with European customers that directly require data transfer documentation;
undergoes due diligence, vendor onboarding or compliance review.

That is, SCC is very often not a “hypothetical GDPR exotica”, but an ordinary reality for:

IT companies;
SaaS businesses;
marketing agencies;
HR and recruitment projects;
e-commerce;
EdTech;
FinTech;
service companies that work with customers from the EU.

And to be honest, many businesses already have international data transfers, they just don’t know about it. Such legal ignorance, of course, sometimes looks touching. Until the first serious request from the client.

It will also be useful: Data Processing Agreement (DPA) for GDPR

The most common mistake: the company thinks that DPA = SCC

One of the most common problems is that the business signed a Data Processing Agreement, but did not formalize the international transfer of data.

That is, the company formally regulated the controller/processor relationship, but did not close the issue of the transfer mechanism under GDPR Chapter V.

As a result, a situation arises when:

there is an agreement with the processor;
there are privacy docs;
there is a checkbox on the website;
but there is no legal basis for transferring data to a third country.

For the client, this is a risk. For us, it is a typical entry point into work.

What exactly hurts the client and what can we sell from this?

In practice, a client rarely comes and says:

“Please prepare me an SCC for Module 2 and do a Transfer Impact Assessment.”

Usually it comes with a symptom. And our task is to sell the solution correctly.

The client says: “We were sent an SCC for signature, check it”

What is really behind this request:

whether the correct module has been selected;
whether the text corresponds to the real roles of the parties;
whether there are no changes in the document that make the SCC legally weak;
whether the Annexes are correctly filled in;
whether the SCC does not contradict the main agreement, DPA, Security Addendum or Privacy Policy.

What we can offer:

legal review SCC;
red flags memo;
negotiation support with the counterparty;
reconciliation of the SCC with the DPA and master services agreement;
a short practical legal opinion for management.

The client says: “We have a DPA, is that enough?”

In most cases, no, if there is a transfer to a third country.

What we can offer:

audit of the existing data processing framework;
determination of whether there is an international data transfer;
gap analysis between DPA, SCC, privacy documentation and actual processing model;
preparation of a full package of documents under GDPR.

Client says: “European client blocks contract due to GDPR”

This is no longer a theory. This is a commercial problem. And here legal work directly affects the client’s sales.

What we can offer:

urgent preparation of SCC;
adaptation of the contract package to the requirements of a specific B2B client;
preparation of TIA;
participation in contract negotiations;
checklist for the client’s sales/compliance team.

Client says: “We want to be investor-ready / vendor-ready”

This is a more mature request. Here SCC is part of a broader data compliance architecture.

What we can offer:

data flow mapping;
vendor transfer mapping;
SCC implementation package;
TIA package;
DPA/SCC/privacy alignment;
preparation of the company for due diligence;
audit trail for an investor, client or procurement team.

What services can be formed around SCC?

The SCC topic can be sold not as “one document”, but as a line of services.

Express service: SCC Review

Suitable when the client has already received a document from a counterparty and wants to quickly understand:

whether it is possible to sign;
what risks are there;
what needs to be corrected;
whether the document complies with the GDPR.

This is a fast, clear and highly marketable service.

Comprehensive service: SCC + TIA + DPA Alignment

Suitable for companies that already have or plan to systematically work with data from the EU.

Within the framework of such a service, you can sell:

analysis of the data transfer model;
definition of the roles of the parties;
preparation or review of the SCC;
Transfer Impact Assessment;
analysis of technical and organizational measures;
updating the DPA;
synchronization with Privacy Policy and internal documents.

Compliance package for businesses entering the EU market

This is no longer a product just about SCC, but about the readiness of businesses to work with European data.

This may include:

Privacy Policy;
Cookie Policy;
DPA;
SCC;
TIA;
internal data handling questionnaire;
vendor onboarding checklist;
subprocessor documentation;
response templates for B2B clients regarding GDPR compliance.

Why is SCC a good product for legal practice?

Because this topic combines several things that businesses are willing to pay for:

risk — GDPR violations and blocking of cooperation;
urgency — documents are often needed “for yesterday”;
commercial value — without the proper package, the client may lose the deal;
scalability — one project can grow into full GDPR support;
repeatability — after one SCC request, DPA, privacy docs, vendor contracts, TIA, security appendices often arise.

So SCC is not a one-time article “for a blog.” It is a funnel for compliance services.

Find out the cost of legal support

What do we check when working with SCC?

In practical work, we usually analyze:

whether an international data transfer actually takes place;
who is the controller, processor, sub-processor;
whether there is an adequacy decision, whether SCCs are needed;
which SCC module is used;
whether the Annexes are filled in correctly;
whether a Transfer Impact Assessment is needed;
whether the SCCs correspond to the real technical and contractual model;
whether there are additional risks under Schrems II;
whether the SCCs are consistent with the DPA, MSA, privacy docs and vendor chain.

This is important because businesses often want “just a template”, but in fact need legal structuring of the transfer.

Who should especially order work with SCC?

This service is most often needed by:

IT companies and SaaS platforms;
outsourcing and outstaffing companies;
marketing and product teams working with CRM and email systems;
HR/recruitment of businesses;
companies working with European counterparties;
startups before an investment round or enterprise sales;
groups of companies with a cross-border structure.

How can we help?

Our team can support work with SCC in both a point-by-point and comprehensive format.

We can help with:

analysis of whether your model includes international transfers of personal data;
definition of the roles of the parties within the GDPR;
preparation or review of SCC;
verification of SCCs sent by your client or counterparty;
preparation of Transfer Impact Assessment (TIA);
alignment of DPA, SCC and privacy documentation;
legal support of negotiations with B2B clients and suppliers;
preparation of an investor-ready / vendor-ready GDPR package.

We can also help if the problem has already arisen: a contract is “hanging” due to GDPR, a client requires data transfer documentation, procurement does not pass onboarding or an investor raises questions about lawful cross-border data transfers.

SCC is not just another formal addendum to a contract. For businesses, it is a tool that directly determines whether data can be legally transferred outside the EU; whether a contract will be signed with a European client; whether the company will pass due diligence; whether it looks mature in terms of compliance. For legal practice, this is, in turn, a strong and completely commercial direction: with a clear client pain point, a clear value proposition, and good potential for expansion into full GDPR support.

Calculate the cost of services

1 question

Do you need GDPR consultation?

Yes

2 question

Do you need help drafting a DPA?

Yes

3 question

Are you interested in full GDPR Compliance?

Yes

You may also need:

Data Processing Agreement (DPA) for GDPR

BUSINESS REGISTRATION IN COSTA RICA

COMPANY REGISTRATION IN ESTONIA

Business registration abroad

GDPR compliance for business

Company registration for IT in Madeira

Articles on the topic:

01
Diya City – what it is in simple words and why is it useful for IT business

20%

discount

If we do not
call back
during the day

Average rating:

5/5 | Based on 34 reviews

It was pleasant and useful to talk with Diana Ternova. Very professional consultation, lots of interesting details.

Thank you to the company “Prikhodko and Partners”, personally to Danylo, who led my case to a positive result!

Very satisfied with the cooperation with the company, namely with Marina Osadchuk: attentive and responsible. I contacted her twice regarding the request, certification and apostillation of documents – everything was professional, as fast as possible in the current conditions, always in touch to resolve additional issues. The best ratio of quality and price! Top recommendations!!

I sought advice on a criminal case. The lawyers very professionally explained all possible options for the development of the situation and helped me to correctly build a defense position. I liked the attentive attention to detail and clear communication throughout the process. I recommend the company as reliable specialists

We sincerely thank Dmytro for his professional support in registering a trademark for our construction company. The process was organized clearly and concisely: from the initial consultation and name verification to submitting the application and monitoring all stages of registration.

I contacted them regarding military law, and they highly recommended this company and this particular specialist, lawyer Diana Ternova. She explained everything clearly and efficiently, answered all my questions, and stayed in touch after the consultation!

With “Prikhodko & Partners” and Danylo Goncharenko personally – the essentially impossible became possible 🙂 – I managed to get a deferment for my father’s disability in the Uman CCC – by mail, after the summons, and even without my parents’ divorce (both of retirement age)! I am super grateful to Danylo for his support, and for enduring my many naughty questions 🙂 I intend to continue this fruitful cooperation!

I received a consultation from lawyer Anna Salienko, I was very satisfied, Anna advised me so well and reliably, she is very knowledgeable and pleasant to communicate with, thank you 🙏 for the consultation 🤩

I would like to express my great gratitude to the lawyers of “Prykhodko and Partners”. Ilya Kolesnikov – You made the long and difficult path of the trial as comfortable as possible. It was very important to feel protected, have access to information, and receive answers to many questions. The process lasted 1 year and 4 months. All this time you were in touch, always quick, polite, and meaningful answers. And, of course, a wonderful result in our favor. Before you, there were many hesitations, many attempts to act independently, despair, nervous breakdowns, fraudulent lawyers…. My sincere advice to those who read my review – do not hesitate, contact a reliable lawyer. And, of course, I recommend Ilya Kolesnikov. Also, great gratitude to Ilya’s partners in our case – Anastasia Shakhovets, arbitration manager Artem Baginsky, and the lawyer who accompanied us at the meetings – Anatoly Vasilyuk. All cool and polite professionals. I wanted to add that of the large law firms, only in “Prykhodko and Partners” did I receive a meaningful preliminary consultation on the first phone call. Other large companies I contacted did not even hand the phone to the lawyer. The conversation (and usually not very polite) ended at the office manager stage. And for the choice of company/lawyer at that moment, this played a decisive role. Thank you, Ilya, for finding the time and resources to politely and professionally respond personally to even non-clients ❤️. For 1 year and 4 months, you allowed me to feel not alone, to feel protected. This was the most important thing and I will always remember it with gratitude 💙💛

I would like to sincerely thank the family practice lawyer Sukhomlyn Halina for her professional assistance in the divorce.
My husband is in the temporarily occupied territory, and I am in Germany under temporary protection. It seemed that divorce in such a situation was almost impossible.

Thanks to Halina, the entire procedure took place completely remotely, without my coming to Ukraine. I received the decision of the Ukrainian court, as well as an apostille and an official translation, which allowed me to use the documents abroad without any problems.

Everything was clear, understandable and to the point: explanations of each stage, constant communication and the feeling that the case is really being dealt with.

I recommend Halina Sukhomlyn as a reliable lawyer in complex family cases, especially when one of the parties is under occupation or abroad.

Law company

Leave a request for legal assistance right now:

9+ years on the market

70+ professional practitioners

Fixed price

Online / offline consultation

ФінТех

SCC GDPR Data Processing Agreement (DPA) for GDPR Cryptocurrency investment agreement KYC verification Investing in cryptocurrency – Legal support AML check Implementation of Travel Rule systems in Europe Obtaining a MiCA license for CASP in the EU Legal verification of the transaction for AML/CTF Obtaining CASP in Austria Opening a crypto company (CASP) in Poland Cryptocurrency and token accounting in Ukraine Real estate tokenization Obtaining an EMI license in Malta Obtaining an AEMI license in the Netherlands Legal support for crypto wallet unfreezing Register a company in England Bookmaker’s license Extension of gambling licenses in Ukraine Cancellation of gaming licenses Legal support for checking the security of a cryptocurrency wallet Legal verification of the crypto wallet Audit of a Crypto Exchange or Crypto Trader Choosing Between MetaTrader 4 (MT4) or MetaTrader 5 (MT5) Connecting the MetaTrader Platform Purchase a Ready-made Company with MT4 Purchasing a Ready-Made Company with MT5 How to to get MT4/MT5 Whitelabel licence How much does a MT4 license cost? Internet casino license TOKENIZATION SPI license in the Czech Republic Internet poker license Gambling table license Obtaining an SPI in Poland Buying a ready-made company in Singapore License for gambling equipment Obtaining an AEMI license in Lithuania Registration of tokenization of real estate and other assets in Ukraine and abroad License for gaming machine halls LICENSE FOR PAYMENT SYSTEM IN CYPRUS Legal Comparison of EMI/AEMI Electronic Money Licenses and PI Payment Institution Licenses Opening a brokerage account in Exante CREATION OF A HOLDING COMPANY IN CYPRUS The taxation system for Ukrainians in Croatia The system of taxation of Ukrainians in Slovenia Opening a business in Slovakia The system of taxation of Ukrainians in Slovakia Obtaining a crypto license in Bulgaria The system of taxation of Ukrainians in Austria Peculiarities of taxation of Ukrainians in Latvia GDPR compliance for business Legal Opinion Letter Taxation of Ukrainians in Estonia Registration of an association providing p2p services in Poland The taxation system for Ukrainians in Canada Licensing of virtual currency service providers in Spain Opening a bank account in Turkey for a legal entity Tax system for Ukrainians in Italy Obtaining a Curacao gambling license The taxation system for Ukrainians in Ireland EMI license Opening an account in the payment system Opening an account in Payoneer for entities Taxation of Ukrainians in Germany Buying a ready-made company with an EMI license Obtaining a casino license in Ukraine Lawyers in the field of blockchain technology Taxation of Ukrainians in Britain Taxation for Ukrainians in the Czech Republic Licensing of cryptocurrency activities in France Legal support for the purchase of a ready-made company with a Forex license TAXATION SYSTEM FOR UKRAINIANS IN SPAIN Relocation of business to the territory of the European Union Relocation of business to Europe Registration of an LLC (BV) in the Netherlands Registration of an entrepreneur in the Netherlands Buy a company with a crypto license Buy a ready-made company with turnover in Ukraine Buy a ready-made company with a brokerage account in Ukraine Buy a ready-made company in Estonia Buy a ready-made company in Poland Buy a ready-made company in the UAE (Dubai) Buy a ready-made company in Hong Kong with an account Buy a ready-made brokerage company with a license in Ukraine LLC registration in Bulgaria Self-Employed Person (SEP) in Malta Buying a ready company with MetaTrader 4 Registration of individual entrepreneurs (analogue) in Bulgaria Register a company in the USA Register a company in Hong Kong Company Registration in the UK A ready-made company with a cryptocurrency license Tax system in Malta Company registration in Malta Optimization of the tax burden in the UK How to unblock a money account at stock exchanges and other financial institutions? Unlocking crypto wallets on exchanges and other financial institutions Tax consultation in Europe Registration of a company (LLC) in Cyprus Registration of an IE in Great Britain Opening of an individual enterprise in the Czech Republic Registration of LLC in Great Britain Registration of an individual entrepreneur in Latvia Company registration in Latvia Opening of a sole proprietorship in Germany Comparison of MetaTrader 4 and MetaTrader 5 Opening an account in payment systems FOREX jurisdiction Termination of the GIG-contract REGISTRATION OF THE COMPANY (LLC) IN THE CZECH REPUBLIC Registration of an individual entrepreneur for IT in Europe The taxation system in Austria Tax system in Cyprus Services of MLRO – specialist The opening of the GmbH in Germany Registration of an individual entrepreneur in Austria Obtaining a forex license License to trade cryptocurrencies Registration of an offshore company Audit of smart contracts Registration of a company (LLC) in Austria COMPANY REGISTRATION IN ESTONIA OBTAINING A GAMBLING LICENSE IN ANJOAN DEVELOPMENT OF AN AML POLICY REGISTERING A CRYPTO COMPANY IN COSTA RICA Gambling license in Ukraine REGISTRATION OF AN INDIVIDUAL ENTREPRENEUR IN SPAIN OBTAINING A CRYPTO LICENSE IN KYRGYZSTAN RECEIVING CRYPTO LICENSES IN EL SALVADOR Obtaining a gambling license in the UK BUSINESS REGISTRATION IN COSTA RICA OBTAINING AN EMI LICENSE IN KAZAKHSTAN OBTAINING A CRYPTO LICENSE IN ITALY DRAWING UP A GIG CONTRACT OBTAINING A CRYPTO LICENSE IN GIBRALTAR Smart contracts: The future of agreements based on blockchain technologies and their legal support OBTAINING A CRYPTO LICENSE IN KAZAKHSTAN OBTAINING A CRYPTO LICENSE IN SWITZERLAND LEGAL SUPPORT FOR UNLOCKING CRYPTO ASSETS LEGAL SUPPORT WEB 3.0 SERVICES OBTAINING A CRYPTO LICENSE IN SINGAPORE Opening a bank account for a crypto business OPENING A BANK ACCOUNT FOR A GAMBLING BUSINESS Opening Accounts for High-Risk Businesses COMPANY REGISTRATION IN HONG KONG Gambling license in Malta OBTAINING A CRYPTO LICENSE IN SLOVAKIA OBTAINING AN EMI PAYMENT LICENSE IN LITHUANIA OBTAINING A CRYPTO LICENSE IN CURAÇAO Obtaining an SPI Payment License Cyprus STP Broker for sale Obtaining an API (Application Programming Interface) Payment License Connecting to MetaTrader 5: A Guide for Brokerage Companies OBTAINING A CRYPTO LICENCE IN HONG KONG Obtaining a payment license in Belize OBTAINING SVF LICENSE IN SINGAPORE OBTAINING A VANUATU FOREX LICENSE GETTING AN AEMI LICENSE IN THE UK CLEAN COMPANY WITH METATRADER 4 PLATFORM OBTAINING MSB CANADA LICENSE OBTAINING A CRYPTO LICENSE IN LITHUANIA OBTAINING A CRYPTO LICENSE IN POLAND OBTAINING A CRYPTO LICENSE IN THE CZECH REPUBLIC REGISTERING A BANK ACCOUNT IN HONG KONG ICO SUPPORT HOW TO CONNECTI THE METATRADER PLATFORM BANK REGISTRATION IN CYPRUS OBTAINING CRYPTO LICENSES IN THE EU AUTHORISED PAYMENT INSTITUTION IN UK OBTAINING A CASINO LICENSE OBTAINING FOREX LICENSES OBTAINING A BETTING LICENSE OBTAINING AN MSO LICENSE IN HONG KONG OBTAINING A CRYPTO LICENSE IN ESTONIA OBTAINING POKER LICENSES OBTAINING A CRYPTO LICENSE IN THE UAE OBTAINING AN EMI LICENSE , AEMI OBTAINING A CRYPTO LICENSE IN GEORGIA OBTAINING AN API, PI, PSP LICENSE OBTAINING A LOTTERY LICENSE IN CURACAO OBTAINING LOTTERY LICENSE CYPRUS INVESTMENT FIRM STP BROKER FOR SALE READY-MADE COMPANIES WITH BROKERAGE LICENSE GETTING AN EMI LICENSE IN EUROPE CRYPTOCURRENCY SETTLEMENTS IN UKRAINE

SCC GDPR

What is SCC in simple terms?

When do businesses really need SCCs?

The most common mistake: the company thinks that DPA = SCC

What exactly hurts the client and what can we sell from this?

The client says: “We were sent an SCC for signature, check it”

The client says: “We have a DPA, is that enough?”

Client says: “European client blocks contract due to GDPR”

Client says: “We want to be investor-ready / vendor-ready”

What services can be formed around SCC?

Express service: SCC Review

Comprehensive service: SCC + TIA + DPA Alignment

Compliance package for businesses entering the EU market

Why is SCC a good product for legal practice?

What do we check when working with SCC?

Who should especially order work with SCC?

How can we help?

You may also need:

Andrey Prikhodko