Get Ready: Vendor Compliance and the UK’s Proposed TRA, IDTA and Amended EU SCCs
Less than a month ago, the Information Commissioner’s Office (ICO) revealed its draft for “how organisations can continue to protect people’s personal data when it’s transferred outside of the UK.” This consultation, which ends Oct. 7th, asks for responses to three core elements, which are 1) Proposal and plans for updates to guidance on international transfers; 2) Transfer risk assessments (TRA); and 3) The international data transfer agreement (IDTA). Additionally, the ICO has released a draft of its UK Addendum to the EU Commission Standard Contractual Clauses (SCCs). Why is this important? According to the ICO: “The IDTA will replace the current standard contractual clauses (SCCs) to take into account the binding judgment of the European Court of Justice in a case commonly known as ‘Schrems II’. The ruling required organisations to carry out further diligence when making a transfer of personal data outside of the UK to countries without an adequacy decision.” Given that vendors are often participants in these data transfers, the way you work with many of them will likely change.
In this 30-minute webinar, we’ll outline:
- The ICO announcement regarding personal data transfers and why it matters
- Anticipated impact of the IDTA on your vendor management strategy
- Steps to take today to ready your organisation for potential changes
- What the ICO Guidance, IDTA, TRA, and Amended EU SCCs mean in practice
Head of Privacy CoE, DPO