The ICO has launched a consultation on its international data transfer agreement (IDTA). This is the agreement that would be used as a safeguarding mechanism for restricted transfers of data covered by the UK GDPR.
As part of the consultation, it has also released:
- a draft transfer risk assessment toolkit for use in conjunction with the IDTA, and which must be completed in order to ensure that the IDTA works as intended in the country where the importer of the data is located.
- a draft addendum, which is designed to enable parties which are relying on the EU Standard Contractual Clauses (SCCs) to govern a restricted transfer to add an addendum to those EU SCCs so that they also cover restricted transfers made under UK GDPR. This will be useful, for example, when intra group data transfer agreements are put in place involving personal data which is subject to EU GDPR and also personal data which is subject to UK GDPR.
The consultation closes on 7 October 2021, and changes will no doubt be made to the documents following the outcome and responses to the consultation. Nevertheless, the consultation provides a useful heads up of the issues that will be faced by parties who wish to transfer personal data under UK GDPR.