International Transfers - the clock starts ticking for UK data transfer remediation
12 April 2022
12 April 2022
Rhiannon Webster and Shehana Cameron-Perera presented International transfers: the clock starts ticking for UK data transfer remediation on 05 April 2022.
During the webinar our speakers looked at where you can expect data transfers in your organisation; international transfers post Schrems II and discussed the practicalities of approaching your data remediation projects.
Key takeaways
- Nearly all organisations will be making data transfers of personal data; whether that is in the form of a transfer of data to and from clients based overseas or allowing remote access into UK systems from service providers based overseas; or at an intra-group level (for example the sharing of employee data with group legal/HR or management of the parent company outside the UK for reporting purposes/where you have centralised functions overseas).
- Whilst the new Trans-Atlantic Privacy Framework sounds promising, we caution against waiting for this to come into force and relying on it as your data transfer mechanism for transfers of personal data from the EU to the UK. Instead we advise proceeding with your remediation projects because the clock is ticking. For EU transfers, you are required to repaper existing contracts and incorporate new EU SCCs by 27 December 2022 and for UK transfers, existing contracts should be repapered to incorporate the UK IDTA/Addendum by 21 March 2024. With this in mind, develop your strategy for categorisation and prioritisation of transfers.
- When developing your strategy for prioritisation of transfers, refer to the ICO's guidance on transfer risk assessments (which is still in draft form). Key point flagged within the guidance is that where the importer and exporter are within the same group of companies, the risk of harm to individuals is reduced; therefore we advise prioritising external transfers, particularly those to unregulated entities or to electronic communication service providers or any involving special category data.
A recording of the session and the webinar slides are available below.
Ashurst are here to support you on all stages of your data transfer compliance/remediation projects and we have included our offering placemat which should provide further details.
Please do reach out to the speakers or your normal Ashurst contact if you require any further information on the topics discussed.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.