How can we help?

Privacy and Data Protection

International transfers


Political and legal developments mean the rules underpinning international data flows are constantly evolving. Our data protection team keep up-to-date on the changing guidance and advise on the most complex global transfers and data sharing arrangements.

“Very professional, knowledgeable and accessible lawyers.” 

Chambers and Partners

FAQs – International transfers

This refers to the act of sending or transmitting personal data from one country to another. It also covers when an organisation makes personal data available to another entity located in another country, i.e. such data being accessible from overseas.

The UK GDPR contains rules on the transfer of personal data to outside the UK, where these rules apply to all transfers, no matter the size of the transfer or how often you carry them out.

Yes, you can provided you have the correct arrangements in place. Transfers from the UK to the EEA do not require any new arrangements, however transfers (known as ‘restricted transfers’) to ‘third countries’, will require additional safeguards.

This will depend on a case-by-case basis, however before making a restricted transfer, you should consider if the personal data needs to be sent, and whether any personal data could be anonymised so that it is not possible to identify individuals.

Broadly, the following questions should be considered under the UK GDPR before a restricted transfer is made:

  • Is the restricted transfer covered by ‘adequacy regulations’?
  • Is the restricted transfer covered by appropriate safeguards?
  • Is the restricted transfer covered by an exception?

Key contacts

Read, listen and watch our latest insights

  • 21 November 2023
  • Privacy and Data Protection

Privacy matters: How the 8 data subject rights protect personal data

In this guide we explore the 8 data subject rights under the UK GDPR and discover how they play a vital role in preserving your organisation’s privacy standards in an increasingly interconnected world.

  • 21 November 2023
  • Privacy and Data Protection

Overview of Data Subject Access Requests

In recent months, we have witnessed a series of high-profile data breaches that have brought data protection issues to the forefront of the public’s mind and with this comes an increase in Data Subject Access Requests (DSARs).

  • 17 November 2023
  • Corporate and M&A

Should AI delete humans out of the legal sphere?

AI could potentially streamline routine legal tasks. However, there are consequences to consider when it comes to AI in the legal sphere.

  • 15 November 2023
  • Privacy and Data Protection

Can an employer monitor employees at work?

This brings up the question of whether an employer can lawfully monitor their employee, without their knowledge, if they suspect wrongdoing?

  • 30 October 2023
  • Privacy and Data Protection

New UK-US data bridge for transfers of personal data

A new data bridge, which is an extension of the EU-US Data Privacy Framework (“the DPF”), will enable UK businesses to transfer personal data to certified US organisations without the requirement of having the usual safeguards in place or performing a transfer risk assessment.

  • 11 October 2023
  • Privacy and Data Protection

Online Safety Bill set to become law

As part of the government’s manifesto commitments, they promised to introduce a bill that would strengthen online safety in the UK particularly for minors. This commitment has now been met with the introduction of the Online Safety Bill, which has now passed through all the parliamentary stages and is awaiting Royal Assent.