International transfers of personal data under the DPA 1998 [Archived]
Produced in partnership with Fieldfisher LLP
International transfers of personal data under the DPA 1998 [Archived]

The following Information Law practice note Produced in partnership with Fieldfisher LLP provides comprehensive and up to date legal information covering:

  • International transfers of personal data under the DPA 1998 [Archived]
  • Data export restriction
  • Restriction under the Data Protection Directive
  • Restriction under the Data Protection Act 1998
  • What is a ‘transfer’?
  • When is data in 'transit'?
  • Data export restriction—exceptions
  • 1—Consent
  • 2—Contract performance
  • 3—Substantial public interest
  • More...

ARCHIVED: This Practice Note introduces the data export restriction under the Data Protection Act 1998 (DPA 1998) prohibiting the transfer of personal data to a territory outside of the European Economic Area (EEA) unless there is an adequate level of privacy protection for their personal data.

This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the DPA 1998. This Practice Note is for background information only and is not maintained.

For further information on the position under the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR), see Practice Notes: Introduction to the EU GDPR and UK GDPR, which includes a section on International personal data transfers and personal data transfers to international organisations and International transfers of personal data under the GDPR.

For a comparison between the position under the GDPR and the preceding data protection regime, see Practice Note: DPA 1998 to GDPR comparison—international data transfers of personal data [Archived].

For a comprehensive introduction to the GDPR, collating key practical guidance, see: Data protection toolkit.

Data export restriction

Restriction under the Data Protection Directive

Directive 95/46/EC, (the Data Protection Directive) prohibits controllers in EU member states:

  1. from transferring personal data to any territory outside the European Economic Area (the EEA) (being the member states of the EU and Iceland, Liechtenstein and Norway)

  2. unless an ‘adequate’ level

Related documents:

Popular documents