The guidance covers the UK data protection rules which protect an individual’s personal data when they are transferred out of the UK, as such data are potentially no longer protected after the transfer.
The guidance takes users through the requirements to ensure protection remains in place for individuals’ data on such transfers.
One possibility is that the country or territory the data are being transferred to satisfies the UK’s ‘adequacy requirements’. Under that regime, the UK recognises EEA countries (the EU member states, plus Iceland, Norway and Liechtenstein) as having adequate data protection laws. It also continues to recognise those non-EEA countries that the European Commission recognises as adequate, and a limited number of other territories.
If the adequacy requirements are not satisfied, the transferring organisation must put ‘appropriate safeguards’ in place to protect that data. Among the many options are, for example, inserting standard contractual clauses (SCCs) prescribed under UK data protection laws into data transfer agreements with non-UK recipients.
Operative date
- Now
Recommendation
- Organisations that transfer personal data out of the UK can check out the new ICO guidance on the ICO website.
This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.
Copyright © Atom Content Marketing
ICAEW Business Advice Service
Grow your business with trusted business advice. We connect entrepreneurs, start-ups, and SMEs with ICAEW regulated accountancy firms who will provide a free initial consultation without obligation.
About Legal Alert
Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.