Information Commissioner’s Office (ICO) looks at the key GDPR points over international data transfer

Greater restrictions are set to be in place for the international transfer of data when the new GDPR comes into force next month. Current legislation already imposes restrictions and caveats on data transferred outside the EU, but the new changes are set to ensure that the additional protection GDPR allows for is not undermined outside of Europe.

In an increasingly globalised society, it’s easy for data to be fired around the world in a matter of seconds, but data moved outside of the UK cannot be allowed to be more vulnerable.

One of the issues that is being looked at in the We-Vibe data protection cases is the fact that user data may have been transferred outside of the UK to the headquarters of the company behind the product in Canada. This in itself can be a breach of data protection rules, particularly where a person does not authorise their data being transferred outside of the country.

Things like legal agreements, contractual clauses, shared rules, shared compliance, proper certification and other administrative arrangements must be enforced. At present, too few organisations have any form of processes or procedures for data being shared or moved in the UK, so sharing it abroad will be thoroughly enforced as well when GDPR becomes effective.

Informed consent and knowledge of the data subjects will also be at the heart of the new rules.

As we have covered before, any failure to adhere to the new GDPR rules could land an offending organisation in serious trouble. Fines alone could be in the millions, so compliance is compulsory!

You can read more on the ICO website here.