The United Kingdom has finalized, and laid before Parliament, its International Data Transfer Agreement (“IDTA”). The new IDTA will come into force on 21 March 2022, together with a supplemental document to the new EU Standard Contractual Clauses (“UK Addendum”) and transitional provisions, to address requirements under the UK GDPR and UK Data Protection Act.
Both the IDTA, UK Addendum, and transitional provisions will replace use of the previous EU Standard Contractual Clauses (approved by the European Commission) under the UK GDPR (“Directive SCCs”).
What does this mean for companies? In terms of timing, contracts concluded on or before 21 September 2022, on the basis of the Directive SCCs continue to provide appropriate safeguards until 21 March 2024 for the purposes of the UK GDPR, as long as the processing operations and the subject matter of the contract remain unchanged, and reliance on those Directive SCCs ensures that the transfer of personal data is subject to appropriate safeguards. This means organisations will be afforded time to update existing prior agreements based on the Directive SCCs.
For any new contracts involving for data transfers from the UK, however, the UK Addendum or the IDTA will need to be used going forward.
Further Information. To read more about this development from the Information Commissioner’s Office, click here. If you have any questions about this or any other privacy law, please do not hesitate to reach out to one of the Contacts listed below.
