What are contractual clauses authorised by the ICO?
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
What are contractual clauses authorised by the ICO?
Sometimes, you may need to enter into a bespoke contractual arrangement with the organisation you’re sending personal information to.
This could be because you’ve made significant amendments to the IDTA or Addendum, or it could be a completely different contract.
You can make a restricted transfer if:
- you and the receiver have entered into a bespoke contract governing a specific restricted transfer; and
- we have individually authorised the contract for that restricted transfer.
Before you rely on the authorised contractual clauses as a safeguard, you must complete a TRA to make sure the standard of protection for people’s information is not materially lower after you transfer it.
You can submit your contractual clauses for authorisation by emailing [email protected].