International transfers

This subtopic is intended for private sector commercial organisations in the UK and reflects the UK GDPR. It sets out the legal and practical challenges organisations face when transferring data outside the UK and suggests some risk management measures you may wish to adopt.

The data protection regime on international transfers

All transfers of personal data are subject to the general requirements of Assimilated Regulation (EU) 2016/679, UK General Data Protection Regulation (UK GDPR), eg you must:

•
have a lawful ground for processing that personal data—see Practice Note: How to process personal data lawfully
•
provide certain information to data subjects—see Practice Note: Privacy notices—information requirements, and
•
(where the transfer poses a high risk) complete a data protection impact assessment—see Practice Note: How to complete a data protection impact assessment—DPIA

Where you transfer the personal data internationally (outside the UK), you must also satisfy and comply with requirements in Chapter V of the UK GDPR (Transfers of personal data to third countries or international organisations).

To comply with these requirements, you should consider:

•
is the transfer caught by the data protection

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

DSIT guidance outlines four-stage commencement plan for Data Use and Access Act

The Department for Science, Innovation and Technology (DSIT) has published guidance detailing the implementation timeline for the Data Use and Access Act 2025. The Act, which received Royal Assent on 19 June 2025, will be implemented in four stages. The first commencement regulations under the Act, the Data (Use and Access) Act 2025 (Commencement No.1) Regulations 2025, bring into force specified provisions on 20 August 2025.

Law Society recommends salary increase for trainee solicitors and SQE candidates

The Law Society has recommended that minimum salaries should increase to £24,916 outside London and £28,090 in London for those employed for a period of recognised training (a training contract) and Solicitors Qualifying Exam (SQE) candidates employed for the purpose of qualifying work experience. The recommended minimum salary is reviewed in June each year as a matter of voluntary good practice before the revised figure comes into effect in September. The current recommended minimum salary for trainees is £24,320 outside of London and £27,418 in London.

OFSI updates general guidance on UK financial sanctions

The Office of Financial Sanctions Implementation (OFSI) has updated its general guidance on UK financial sanctions to include Designated Money Service Businesses as a licensing ground under section 6.6. This licensing ground permits OFSI to issue licences that allow funds to be returned to non-designated persons from designated Money Service Businesses, provided specific conditions are met.

OFSI and HMT update guidance on Russian Oil Services ban

The Office of Financial Sanctions Implementation (OFSI) and HM Treasury (HMT) have updated the Tier 2/3 notification that Tier 1 Provider has not confirmed compliance with reporting requirements under INT/2022/2469656 form, as part of their guidance on the Russian Oil Services ban.

View Practice Compliance by content type :

News