Updated guidance on international transfers published

We have updated and enhanced our guidance on international transfers of personal information, making it quicker for businesses to understand and comply with the transfer rules under UK GDPR. 

The updated guidance clearly sets out key requirements, reduces complexity and supports the responsible transfer of personal information – evidencing our commitment to supporting innovation and economic growth. 

The streamlined guidance sets out a clear ‘three step test’ for organisations to use to identify if they’re making restricted transfers and we’ve added new content to help provide clarity on areas we know organisations have questions on. Additional new content has been added on roles and responsibilities, which reflects the complexity of multi-layered transfer scenarios. In addition, a brief guide, quick reference FAQs and a Glossary will support organisations which don’t have specialist knowledge or experience in making international transfers. 

The update is part of an ongoing project which will further develop parts of our guidance, such as our approach to transfer risk assessments (TRAs), and additional guidance on the international data transfer agreement (IDTA) and cloud services. We also plan to add an interactive tool to help organisations identify whether they’re making a restricted transfer, and more examples and case studies that reflect the complexity of global transfer scenarios. 

To further support organisations with their approach to international transfers, we are hosting a webinar to talk through the changes and highlight the main things organisations making or advising on restricted transfers need to know.