Yes, data can be processed internationally under the UK GDPR (General Data Protection Regulation).
Under the UK GDPR, international data transfers are permitted, but they must meet certain conditions to ensure that the transferred data remains protected to a level equivalent to that provided under UK data protection law. These conditions include:
- Adequacy Decision: The European Commission or the UK government can issue an adequacy decision for a ‘third country’ or international organisation, stating that it provides an adequate level of data protection, making data transfers to that destination permissible without further safeguards. The ‘third countries’ which ensure an adequate level of protection are: Andorra, Argentina, Canada (only commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, Japan and South Korea. Data transfer to these countries is expressly permitted.
- Appropriate Safeguards: If there is no adequacy decision for the destination country, the data controller or processor may implement appropriate safeguards to ensure the protection of personal data. Examples of appropriate safeguards include Standard Contractual Clauses (SCCs), binding corporate rules, and approved codes of conduct or certification mechanisms.
- Derogations: In certain specific situations, data transfers may be permitted even without an adequacy decision or appropriate safeguards. These derogations include explicit consent from the data subject, the necessity of the transfer for the performance of a contract, or the protection of vital interests of the data subject, among others.
We can work with you to put the safeguards in place if your organisation has to share data with a data processor not in a country covered by an Adequacy Decision.
It’s important for organisations to assess the legal requirements and implications of international data transfers under the UK GDPR to ensure compliance with data protection regulations and protect individuals’ rights and freedoms regarding their personal data.
Of interest, from an EU GDPR perspective, since Brexit the UK has had to be covered by an Adequacy Decision.