ARTICLE
11 October 2023
Mondaq Thought Leadership Award Winner

No Need To Mind The Gap – UK Extension Is A Data Bridge For US-UK Data Transfers

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
Beginning today, the UK adequacy decision for US data protection measures goes into effect.
United Kingdom Privacy

Beginning today, the UKadequacy decisionfor US data protection measures goes into effect. As a result, UK companies can transfer personal information to entities in the US that are participants in theEU-US Data Privacy Framework(DPF). As part of the decision, the UK Secretary of State will review the ongoing sufficiency of the DPF every four years. The ICO, in supporting the decision,suggestedthat the UK Secretary of State look at specific factors when reassessing the program. These include the risk to UK data subjects for automated decision making and right to be forgotten.

Not all US companies will necessarily want to participate in the DPF (see more about the processhere). If they do not, then UK companies making transfers will need to rely on existing mechanisms, like SCCs coupled withsupplemental safeguard measures.

Putting in into Practice: This extension was expected, but companies who are considering DPF participation for UK-EU transfers should keep in mind that the UK review of the program is on a different cadence than that in the EU.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More