See EU later - using the UK’s post-Brexit data transfer tools

See EU later - using the UK’s post-Brexit data transfer tools

On 11 August 2021, the Information Commissioner's Office ("ICO") published a consultation on its long-awaited draft guidance for international transfers of personal data ("Guidance"), and associated transfer tools. These tools are relevant to anyone transferring or receiving personal data subject to the UK GDPR and come in the form of a transfer risk assessment ("TRA") and an international data transfer agreement ("IDTA"). These will be the new UK equivalents of the European Transfer Impact Assessment ("TIA") and Standard Contractual Clauses ("SCCs"). Alongside these documents, the ICO also published a UK addendum to allow use of the SCCs in a UK context ("Addendum").

This is a significant development for anyone navigating UK data protection law and will require organisations to take steps yet again to update their international transfer documentation and approach. Our data protection team have developed a guide which will break down the ICO’s new transfer tools in more detail, explaining what the TRA and IDTA do, how they address the requirements of UK data protection law and how they differ from their European equivalents, namely the SCC's and the European Data Protection Board's recommendations on safeguarding international transfers.

Download PDF for more information
Katie HewsonKatie HewsonView biography
Author
© Stephenson Harwood LLP 2023. Information contained on this page is current as at the date of first publication and is for general information only. It is not intended to provide legal advice.