--- title: "IDTA vs EU SCCs" canonical_url: "https://www.sorena.io/artifacts/uk/uk-gdpr/idta-vs-eu-sccs" source_url: "https://www.sorena.io/artifacts/uk/uk-gdpr/idta-vs-eu-sccs" author: "Sorena AI" description: "Compare the UK IDTA, UK Addendum, and EU standard contractual clauses for UK GDPR transfer compliance, contract selection, and transfer risk assessments." keywords: - "IDTA vs EU SCCs" - "UK Addendum vs IDTA" - "UK GDPR transfer tools" - "UK standard contractual clauses" - "IDTA vs SCCs" - "UK Addendum" - "UK GDPR transfers" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # IDTA vs EU SCCs Compare the UK IDTA, UK Addendum, and EU standard contractual clauses for UK GDPR transfer compliance, contract selection, and transfer risk assessments. *Transfer Tools* *UK GDPR* ## UK GDPR IDTA vs EU SCCs Choose the right UK transfer instrument without duplicating contracts or missing UK specific steps. The right answer depends on whether the transfer is UK only, EEA plus UK, and how the commercial paper is already structured. Most transfer confusion comes from mixing three questions: whether adequacy exists, whether a contractual tool is needed, and whether the existing EU SCC package should be extended for UK use or replaced by an IDTA. ## When to use each tool Use adequacy where the UK recognises the destination as adequate. If adequacy is not available, use the UK IDTA or use the UK Addendum to bolt UK language onto the EU SCCs. - Use the IDTA for UK only restricted transfers or simple UK vendor paper - Use the Addendum when EU SCCs already sit in the deal pack - Confirm controller, processor, and subprocessor roles before completing the tables - Keep the choice logic in a procurement ready playbook ## What does not change Neither the IDTA nor the Addendum removes the need for a transfer risk assessment, which ICO guidance also calls a data protection test in legislation. - Run a transfer risk assessment for each restricted transfer pattern - Document technical, organisational, and contractual supplementary measures - Link the transfer tool to the main services agreement and security schedule - Set review dates for destination law or vendor changes ## Practical selection checklist Keep the selection logic simple so procurement and legal teams do not reinvent it for every vendor. - Record whether the same vendor receives EEA data, UK data, or both - Check whether the destination already benefits from UK adequacy or a recognised bridge - Retain the signed tool, the linked commercial contract, and the TRA - Define who reopens the analysis when subprocessing or destination law changes *Recommended next step* *Placement: after the comparison section* ## Use UK GDPR IDTA vs EU SCCs as a cited research workflow Research Copilot can take UK GDPR IDTA vs EU SCCs from how this topic compares with adjacent regulations or standards to a reusable workflow inside Sorena. Teams working on UK GDPR can keep owners, evidence, and next steps aligned without copying this guide into separate documents. - [Open Research Copilot for UK GDPR IDTA vs EU SCCs](/solutions/research-copilot.md): Start from UK GDPR IDTA vs EU SCCs and answer scope, timing, and interpretation questions with cited outputs. - [Talk through UK GDPR](/contact.md): Review your current process, evidence gaps, and next steps for UK GDPR IDTA vs EU SCCs. ## Primary sources - [ICO international transfers guidance](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/?ref=sorena.io) - Adequacy, IDTA, Addendum, and TRA guidance. - [ICO international data transfer agreement](https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-agreement.pdf?ref=sorena.io) - IDTA A1.0, in force March 21, 2022. - [ICO international data transfer addendum](https://ico.org.uk/media/for-organisations/documents/4019537/international-data-transfer-addendum.pdf?ref=sorena.io) - UK Addendum for EU SCC based contracts. - [UK GDPR on legislation.gov.uk](https://www.legislation.gov.uk/eur/2016/679/contents?ref=sorena.io) - UK legislative text. ## Related Topic Guides - [UK GDPR Applicability Test | Territorial Scope and Roles](/artifacts/uk/uk-gdpr/applicability-test.md): Assess UK GDPR territorial scope, controller or processor role, special category triggers, and UK transfer exposure with a defensible applicability test. - [UK GDPR Breach Notification | 72 Hour ICO Reporting Guide](/artifacts/uk/uk-gdpr/breach-notification.md): Operational guide to UK GDPR breach notification, including the 72 hour ICO deadline, processor escalation, breach logging. - [UK GDPR Checklist | Practical Compliance Checklist](/artifacts/uk/uk-gdpr/checklist.md): Practical UK GDPR checklist for accountability, lawful basis, Article 30 records, processor contracts, rights handling, transfers, and breach readiness. - [UK GDPR Children and Age Appropriate Design](/artifacts/uk/uk-gdpr/children-and-age-appropriate-design.md): Implement the UK Children's Code with grounded guidance on likely to be accessed tests, high privacy defaults, profiling limits, geolocation, age assurance. - [UK GDPR Compliance Program | Operating Model Guide](/artifacts/uk/uk-gdpr/compliance.md): Build a UK GDPR compliance program with accountability, Article 30 records, DPIAs, controller processor contracts, rights operations, transfer controls. - [UK GDPR Data Subject Rights | One Month Response Guide](/artifacts/uk/uk-gdpr/data-subject-rights.md): Operational guide to UK GDPR data subject rights, including access, rectification, erasure, restriction, portability, objection. - [UK GDPR Deadlines and Compliance Calendar](/artifacts/uk/uk-gdpr/deadlines-and-compliance-calendar.md): Calendar view of UK GDPR milestones, including January 1, 2021 applicability, March 2022 transfer tools, one month rights deadlines. - [UK GDPR FAQ | Practical Questions and Answers](/artifacts/uk/uk-gdpr/faq.md): Practical UK GDPR FAQ covering scope, lawful basis, rights timing, breach reporting, transfers, children, and enforcement exposure. - [UK GDPR Penalties and Fines | Enforcement Exposure Guide](/artifacts/uk/uk-gdpr/penalties-and-fines.md): Guide to UK GDPR penalties and fines, including the 17.5 million pounds or 4 percent upper tier, the 8.7 million pounds or 2 percent standard tier. - [UK GDPR Requirements | Control Level Requirements Guide](/artifacts/uk/uk-gdpr/requirements.md): Control level UK GDPR requirements covering principles, lawful basis, transparency, rights, Article 30 records, security, contracts, transfers, and DPIAs. - [UK GDPR Transfers, IDTA, and UK Addendum](/artifacts/uk/uk-gdpr/transfers-idta-and-uk-addendum.md): Detailed UK GDPR international transfers guide covering adequacy, UK IDTA, UK Addendum, transfer risk assessments, vendor governance, and UK bridge reliance. - [UK GDPR vs Data Protection Act 2018](/artifacts/uk/uk-gdpr/uk-gdpr-vs-data-protection-act-2018.md): Compare the UK GDPR and the Data Protection Act 2018, including what the UK GDPR does directly and where the DPA 2018 supplements, restricts, or extends it. - [UK GDPR vs EU GDPR | Practical Comparison](/artifacts/uk/uk-gdpr/uk-gdpr-vs-eu-gdpr.md): Practical comparison of the UK GDPR and EU GDPR, including scope, transfers, regulators, adequacy, and operational divergence for multinational programmes. - [UK vs EU GDPR Differences | Operational Differences List](/artifacts/uk/uk-gdpr/uk-vs-eu-differences.md): Operational differences between the UK and EU privacy regimes, including transfer tools, adequacy lists, regulators, notices, and programme governance. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/uk/uk-gdpr/idta-vs-eu-sccs