Some regulations, including the European GDPR, recognize that transfers of personal data to third countries require special consideration. At least, the third country or the organization has to demonstrate that it provides an adequate or similar level of protection by providing adequate safeguards.
In addition, the individual must be aware that their data is transferred to third countries and to whom.
Most companies use SCC, or Standard Contractual Clauses, to fulfill this requirement.
