In our previous post here we discussed the ICO’s announcement that it is working on new Standard Contractual Clauses (SCCs) to facilitate transfers of personal data outside the UK. The new UK SCCs will be known as the UK’s International Data Transfer Agreement (IDTA).
The ICO has now launched the public consultation on its IDTA and accompanying guidance (available here). The consultation is open for feedback until 5pm on 7 October 2021.
Purpose of the IDTA
The IDTA will replace the current UK SCCs. The ICO has already made it clear that any transfers to third countries will need to take into account the Schrems II decision and apply supplementary measures, where required. The IDTA is a contract which organisations will be able to use when making a ‘restricted transfer’. The ICO is also consulting on how to define a ‘restricted transfer’ in light of the UK GDPR. In particular, the ICO is consulting on whether to keep its current guidance that says a restricted transfer only takes place where the importer’s processing of the personal data is not subject to UK GDPR. Recognising the complexity of international transfers for businesses, the ICO Executive Director of Regulatory Strategy, Steve Wood, has said that the new guidance is designed to be accessible and to support the full range of organisations, from SMEs to multi-national companies.Continue Reading The UK’s ICO launches public consultation on new Standard Contractual Clauses