Search

How can we help?

Privacy and Data Protection

International transfers

 

Political and legal developments mean the rules underpinning international data flows are constantly evolving. Our data protection team keep up-to-date on the changing guidance and advise on the most complex global transfers and data sharing arrangements.

Contact us

“Very professional, knowledgeable and accessible lawyers.” 

Chambers and Partners

FAQs – International transfers

This refers to the act of sending or transmitting personal data from one country to another. It also covers when an organisation makes personal data available to another entity located in another country, i.e. such data being accessible from overseas.

The UK GDPR contains rules on the transfer of personal data to outside the UK, where these rules apply to all transfers, no matter the size of the transfer or how often you carry them out.

Yes, you can provided you have the correct arrangements in place. Transfers from the UK to the EEA do not require any new arrangements, however transfers (known as ‘restricted transfers’) to ‘third countries’, will require additional safeguards.

This will depend on a case-by-case basis, however before making a restricted transfer, you should consider if the personal data needs to be sent, and whether any personal data could be anonymised so that it is not possible to identify individuals.

Broadly, the following questions should be considered under the UK GDPR before a restricted transfer is made:

  • Is the restricted transfer covered by ‘adequacy regulations’?
  • Is the restricted transfer covered by appropriate safeguards?
  • Is the restricted transfer covered by an exception?

Related services

Audits

Data breaches

Privacy documentation

Subject access requests

Key contacts
Ashan Arif

Partner

View profile

+44 118 960 4651
Stuart Mullins

Partner

View profile

+44 118 960 4672

Read, listen and watch our latest insights

art
  • 28 June 2022
  • Privacy and Data Protection

DSAR: Do I need to provide names if requested?

Under GDPR employees have the right to request access to their personal data from their employer called a DSAR. Many employers refer to groups rather than names. A recent case could have some impact on the way this is interpreted in UK GDPR.
Pub
  • 23 June 2022
  • Privacy and Data Protection

Protecting data when working remotely

Clarkslegal’s Data Protection Solicitors Melanie Pimenta and Jacob Montague discuss some of the issues surrounding data protection and hybrid or remote working.
art
  • 24 May 2022
  • Privacy and Data Protection

The Queen’s Speech: New data protection regime 

On 10 May 2022, Prince Charles confirmed, as set out in the Queen’s Speech, that there would be a new data protection regime in the UK, with some measures extending and applying to England and Wales only. 
Pub
  • 26 April 2022
  • Privacy and Data Protection

Data breaches

Clarkslegal’s Data Protection Solicitors Melanie Pimenta and Amanda Glover explain what data breaches are, how they can be risk assessed and an organisation’s obligation to report data breaches.
art
  • 26 April 2022
  • Employment

GDPR: Who are data controllers and processors?

Controllers and processors have a different set of responsibilities, and have various responsibilities when dealing with data breaches.
art
  • 29 March 2022
  • Privacy and Data Protection

Guide to the International Data Transfer Agreement

For organisations that transfer personal data from the UK to other jurisdictions, new data sharing agreements are now in force.

See More

Our related expertise

IP and Commercial

Providing guidance on contracts and agreements across all sectors, to minimise risk and maximise profitability.

Find out more

forburyTech

From brainstorm to market, provides concise, clear, and jargon free advice for start-up and small businesses in tech.

Find out more

Contact Ashan

+44 118 958 5321