ORCID relies on two mechanisms to transfer personal data under the GDPR. First, ORCID obtains the consent of its users at the time of registration to the transfer of personal data from the EU to the US. Second, ORCID enters into the Standard Contractual Clauses (SCCs) with member organizations as needed.