International transfers
Political and legal developments mean the rules underpinning international data flows are constantly evolving. Our data protection team keep up-to-date on the changing guidance and advise on the most complex global transfers and data sharing arrangements.
“Very professional, knowledgeable and accessible lawyers.”
Chambers and Partners
FAQs – International transfers
This refers to the act of sending or transmitting personal data from one country to another. It also covers when an organisation makes personal data available to another entity located in another country, i.e. such data being accessible from overseas.
The UK GDPR contains rules on the transfer of personal data to outside the UK, where these rules apply to all transfers, no matter the size of the transfer or how often you carry them out.
Yes, you can provided you have the correct arrangements in place. Transfers from the UK to the EEA do not require any new arrangements, however transfers (known as ‘restricted transfers’) to ‘third countries’, will require additional safeguards.
This will depend on a case-by-case basis, however before making a restricted transfer, you should consider if the personal data needs to be sent, and whether any personal data could be anonymised so that it is not possible to identify individuals.
Broadly, the following questions should be considered under the UK GDPR before a restricted transfer is made:
- Is the restricted transfer covered by ‘adequacy regulations’?
- Is the restricted transfer covered by appropriate safeguards?
- Is the restricted transfer covered by an exception?