The General Data Protection Regulation (GDPR) generally prohibits the transfer of personal data outside of the UK/EEA unless an appropriate transfer mechanism is in place.
Failure to comply with the rules can result in heavy sanctions being applied. It is therefore essential that businesses with an international footprint, those relying on processors outside the UK/EEA or those otherwise involved in transferring data to recipients outside the UK/EEA are aware of the mechanisms they rely upon when transferring data internationally.
The rules can be complex, and determining which mechanism should be relied upon often involves an analysis of specific facts and circumstances. We regularly advise clients on:
- the implementation of intra-group data transfer agreements
- the appropriate steps which need to be taken to lawfully transfer data outside the UK / EEA
- the derogations set out in Article 49 of the GDPR, and
- requests from non-UK/EEA regulators for the transfer of data falling within scope of the GDPR.
Our clients include innovative fintech and adtech companies, financial and professional services firms including UK and US law firms, and multinational businesses in UK, as well as international organisations.