Understanding the Proposed New UK SCCs and Data Transfer Assessments
Following the release in June of the European Data Protection Board’s finalized Schrems II recommendations and the European Commission’s new standard contractual clauses (SCCs), organizations transferring personal data from the UK will now also have to consider the UK Data Transfer proposals from the UK Information Commissioner’s Office (ICO) that have recently been published in August.
With the UK no longer a part of the EU, the ICO has launched a public consultation on its proposals and plans for a new form of UK SCC to be called the International Data Transfer Agreement (‘IDTA’), and a new UK transfer risk assessment (‘TRA’), and guidance for international data transfers from the UK. The ITDA will act as a contract that organisations can use when transferring personal data to countries not covered by adequacy decisions and will replace the current SCCs, also taking into account the CJEU’s decision in Schrems II.
As a continued part of a series of webinars on international data transfers, OneTrust DataGuidance and Sidley are joined by an expert panel to provide insight on the proposed UK ITDA and its provisions, the ICO’s recommendations on carrying out a TRA, and how organizations can approach the increasingly complex realm of international data flows.
The returning cross-industry panel included William Long, Partner at Sidley, Monika Tomczak-Gorlikowska, CPO – Prosus, Chris Foreman, Deputy CPO – Merck & Co., Inc., Yukiko Lorenzo, Senior Managing Counsel – Mastercard, and Lee Parker, DPO – Biogen.
Key Takeaways include:
- In-depth reaction and analysis of the new ITDA and TRA
- Key comparisons to the EDPB’s recommendations
- Key questions that remain and practical steps to take
- How to plan for international data transfers over the next few months