See EU later - using the UK’s post-Brexit data transfer tools
On 11 August 2021, the Information Commissioner's Office ("ICO") published a consultation on its long-awaited draft guidance for international transfers of personal data ("Guidance"), and associated transfer tools. These tools are relevant to anyone transferring or receiving personal data subject to the UK GDPR and come in the form of a transfer risk assessment ("TRA") and an international data transfer agreement ("IDTA"). These will be the new UK equivalents of the European Transfer Impact Assessment ("TIA") and Standard Contractual Clauses ("SCCs"). Alongside these documents, the ICO also published a UK addendum to allow use of the SCCs in a UK context ("Addendum").
This is a significant development for anyone navigating UK data protection law and will require organisations to take steps yet again to update their international transfer documentation and approach. Our data protection team have developed a guide which will break down the ICO’s new transfer tools in more detail, explaining what the TRA and IDTA do, how they address the requirements of UK data protection law and how they differ from their European equivalents, namely the SCC's and the European Data Protection Board's recommendations on safeguarding international transfers.