The transfer of personal data globally is a hot topic. But do you know how personal data is shared with your supply chain and whether you are compliant following the UK’s departure from the EU?
Earlier this year the UK Information Commissioner’s Office adopted the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses (SCCs) for International Data Transfers (The UK Addendum). This addendum must be added to new EU SCC’s when making personal data transfers from the UK to third countries.
The Office also adopted the International Data Transfer Agreement (IDTA) which can be used when SCCs are not being used for the transfer of personal data from the UK to third countries.
Since 21 September 2022 UK organisations must ensure that all new data transfer agreements append the UK Addendum or IDTA, to be compliant with UK GDPR regulations.
In tandem, from 27 December 2022, the EU are mandating that all existing supplier agreements that use the EU SCCs are replaced with new SCCs. This will affect many UK organisations, and with less than three weeks to go, it’s crucial that procurement functions take the time to review and replace their existing agreements to remain compliant.
Finally, organisations in the UK have until 21 March 2024 to ensure that all their agreements comply with UK GDPR regulations and append the IDTA or the UK Addendum.