International transfers of personal data under the GDPR
International transfers of personal data under the GDPR

The following Employment guidance note provides comprehensive and up to date legal information covering:

  • International transfers of personal data under the GDPR
  • Key guidance
  • The GDPR and its incorporation into the EEA Agreement
  • Obligations on data exporters under the GDPR
  • Identifying an international transfer
  • The data export restriction
  • Adequacy decisions
  • Appropriate safeguards
  • Instruments between public authorities or bodies
  • Standard contractual clauses (Model Clauses)
  • more

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

This Practice Note introduces the general prohibition under Chapter V of the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR) on the cross-border transfer of personal data outside of the EEA or to an international organisation.

For more information on the data protection regime under the GDPR, and the Data Protection Act 2018 (DPA 2018), which implements provisions and permitted derogations to the GDPR into UK law, see Practice Notes:

  1. The General Data Protection Regulation (GDPR)

  2. The Data Protection Act 2018

  3. Key definitions under the GDPR

  4. Data protection principles under the GDPR

  5. Extra-territorial reach under the GDPR

For a comparison between the position under the GDPR