This week, we’re looking into ICO’s consultation on how organisations can continue to protect people’s personal data when it’s transferred outside of the UK.
As an organisation, when sending out personal information to a country outside the UK, we have to ensure that data protection rights remain protected.
The ICO are developing a draft international data transfer agreement which will replace the standard contractual clauses (SCCs) to consider the binding judgment of the European Court of Justice in a case commonly known as Schrems II.
The EU ruling required organisations to carry out due diligence when making transfers of personal data outside of the UK to countries that do not have an adequacy decision.
The ICO have stated that the new guidance will support the UK’s digital economy by continuing to enable the global flow of people’s information with the safeguards of high standards of data protection.
The consultation will form the final documents the ICO will present to Parliament. The consultation will continue until 5pm on the 7th October 2021.
The ICO will focus on 3 sections:
- Proposal and plans for updates to guidance on international transfers.
- Transfer risk assessments.
- The international data transfer agreement.
The agreements will help organisations to continue to trade freely while ensuring the correct protections are in place before transferring people’s data.
The ICO are considering the implementation of a a Transfer Risk Assessment (TRA) – which will help you as an organisation identify the potential risks with transferring the data outside of the UK and the safeguards that can be implemented to uphold the data protection rights.
For more information on our digital services, click here.