The General Data Protection Regulation (GDPR) generally prohibits the transfer of personal data outside of the UK/EEA unless an appropriate transfer mechanism is in place.
Failure to comply with the rules can result in heavy sanctions being applied. It is therefore essential that businesses with an international footprint, those relying on processors outside the UK/EEA or those otherwise involved in transferring data to recipients outside the UK/EEA are aware of the mechanisms they rely upon when transferring data internationally.
The rules can be complex, and determining which mechanism should be relied upon often involves an analysis of specific facts and circumstances. We regularly advise clients on:
Our clients include innovative fintech and adtech companies, financial and professional services firms including UK and US law firms, and multinational businesses in UK, as well as international organisations.