Hi Guys,

I think I may already know the answer to this question but posting to seek confirmation and any additional thoughts/feedback.

Scenario is:

- Company A is located in the UK.

- Company B is located in Australia.

- Company A is reselling software provided by Company B to UK and EU customers.

- There are Data protection terms in the distribution agreement between Company A and B that state they are independent data controllers in regards to business/employee details of each other for negotiating and executing the contract.

- No additional processing of Company A's employee data will be conducted by Company B.

- No customer data will be provided by Company A back to Company B. The only data subject to transfer from UK to Australia is employees of Company A. This would technically be a restricted transfer with no adequacy agreement in place (UK -> AUS).

- Other than having an independent data controller clause in the agreement, does Company A need to implement the appropriate Standard Contractual Clauses (e.g. IDTAgreement) in addition to this clause? It seems like a lot for the minimal data that will be transferred (Small amount of Company A employee data) but understand this may be the textbook and compliant answer.

Thanks in advance for any thoughts!