ARTICLE
1 September 2022

Deadline For The New UK Data Transfer Mechanisms Nears

PC
Preiskel & Co

Contributor

Preiskel & Co logo
Preiskel & Co LLP, is an English law firm independently recognised as a leader in the telecommunications, media and technology sectors. Preiskel & Co team of lawyers is truly international many of whom are qualified in multiple jurisdictions. This international mind-set has proved of considerable advantage to many clients, as the firm advises on matters in England but also coordinates advice across Europe, and other continents. The firm also advises on issues concerning outer space and the virtual world.
Explore Firm Details
Since Brexit, on 31 January 2020, the EU and the UK's development of the General Data Protection Regulation ("GDPR") could begin to diverge. The European Commission...
European Union Privacy
Jose Saras

Since Brexit, on 31 January 2020, the EU and the UK's development of the General Data Protection Regulation ("GDPR") could begin to diverge. The European Commission adopted new Standard Contractual Clauses for the transfer of personal data from the EEA to Non-GDPR adequate countries (the "New EU SCCs").

Separately, but in a similar vein, on the 28th of January 2022, the UK's Information Commissioner's Office ("ICO") announced that the international data transfer agreement (the "IDTA"), which is ofttimes referred to as the 'UK standard contractual clauses', can indeed be used as an appropriate safeguard for transferring data outside of the UK and ensuring compliance with the UK GDPR (the retained EU law version of the GDPR).

This overlapping update to contractual transfer mechanisms have given companies additional regulatory burdens. To simplify the process, for organisations that transfer personal data outside of the EU/EEA, the UK will recognise the New EU SCCs as appropriate safeguards for transfers out of the UK, subject to the parties also using the international data transfer addendum ("IDTA Addendum") in addition to the New EU SCCs. This allows organisations to use only one set of SCCs: the New EU SCCs together with the IDTA Addendum, instead of both the New EU SCCs and the IDTA.

See here for further background information on the IDTA.

Deadline

For contracts entered into on or after 21 September 2022 (the "IDTA deadline"), organisations transferring UK originated personal data will be required to use the IDTA, or the New EU SCCs together with the IDTA Addendum.

What next?

In light of the fast-approaching IDTA Deadline, organizations conducting restricted transfers from the EU/ EEA or the UK to third countries not covered by EU 'adequacy decisions' need to take immediate action and incorporate either the IDTA or the New EU SCCs together with the IDTA Addendum in order to ensure compliance with the UK GDPR. Find the list of the countries recognised by the European Commission as providing adequate protection here.

The ICO has published additional guidance to provide support to organisations navigating this transition. See the ICO's statement here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Jose Saras
Jose Saras
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More