The ICO’s GDPR guidance pages have been devoid of any updates since the Regulation and DPA18 came into force back in May. However, the regulator has this week updated their guidance on International Transfers, providing a Q&A style assessment noting steps & actions when transferring data outside the EU.
The guidance utilises a number of questions used by organisations or entities when deciding which grounds they can rely on (if any) when making a restricted transfer. Such questions include: –
- Are we planning to make a restricted transfer of personal data outside of the EU?
- Do we need to make a restricted transfer of personal data in order to meet our purposes?
- Has the EU made an ‘adequacy decision’ in relation to the country or territory where the receiver is located or a sector which covers the receiver?
- Does an exception provided for in the GDPR apply?
The new guidance by the ICO also advises that The European Data Protection Board (EDPB) (formerly the Article 29 Working Party) is currently working on its guidance in relation to International Transfers. You can find the full ICO guidance pages using the below link: –
If you are looking for help with your GDPR documentation or need a specific International Transfer Policy, visit our GDPR Documents page to see how we can help.