The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Restricted transfers

Your organisation has procedures in place to make sure that restricted transfers are made appropriately.

Ways to meet our expectations:

  • You consider whether the restricted transfer is covered by an adequacy decision or by 'appropriate safeguards' listed in data protection law, such as contracts incorporating standard contractual data protection clauses adopted by the Commission or Binding Corporate Rules (BCRs).
  • If a restricted transfer is not covered by either of the above options, you consider whether the transfer is covered by an exemption set out in Article 49 of the GDPR.

Can you answer yes to the following questions?

  • Are staff aware of the process and their responsibilities?
  • Are you meeting their training needs?
  • Do staff adhere to the policies and procedures?