STOP PRESS: This document is being updated to reflect implementation of the Data (Use and Access) Act 2025 (DUAA 2025) which amends the UK GDPR and Data Protection Act 2018. For more guidance on the compliance implications of DUAA 2025, see Practice Note: Data (Use and Access) Act 2025—compliance implications.
This subtopic is intended for private sector commercial organisations in the UK and reflects the UK GDPR. It sets out the legal and practical challenges organisations face when transferring data outside the UK and suggests some risk management measures you may wish to adopt.
All transfers of personal data are subject to the general requirements of Assimilated Regulation (EU) 2016/679, UK General Data Protection Regulation (UK GDPR), eg you must:
have a lawful ground for processing that personal data—see Practice Note: How to process personal data lawfully
provide certain information to data subjects—see Practice Note: Privacy notices—information requirements, and
(where the transfer poses a high risk) complete a data protection impact assessment—see Practice Note: How to complete a data protection
To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.
**Trials are provided to all LexisNexis content, excluding Practice Compliance, Practice Management and Risk and Compliance, subscription packages are tailored to your specific needs. To discuss trialling these LexisNexis services please email customer service via our online form. Free trials are only available to individuals based in the UK, Ireland and selected UK overseas territories and Caribbean countries. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
The Solicitors Regulation Authority (SRA) has published guidance on terminating client retainers, clarifying the circumstances in which solicitors and...
This week's edition of Practice Compliance weekly highlights includes changes to the UK financial sanctions framework, the SRA’s upcoming July 2026...
The Solicitors Regulation Authority (SRA) has announced that its annual anti-money laundering (AML) and sanctions data collection exercise is...
Corporate Crime analysis: In this update, corporate crime experts Elliott Kenton, partner, and James Camidge, solicitor, at Weightmans, distil the...
If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit
Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin
Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of
0330 161 1234