BLOG
share:
With the UK’s withdrawal from the EU, the UK is transitioning from its reliance on EU GDPR requirements for the transfer of UK personal information outside of the UK.
The UK’s own requirements are finalised, and there are a range of measures, processes and controls that businesses need to implement when transferring UK personal information from the UK, including updating their contracts to reflect the UK’s new contractual requirements (the new UK contractual requirements).
If your business handles personal information relating to any individual in the UK and it is transferred outside of the UK, e.g. you’re a SaaS business with UK customers, there are likely 2 ways this could go. If your business:
how do you comply?
If your business makes external transfers, then your customer contracts will need to include the new UK contractual requirements by the dates discussed below. The UK regulator has issued templates that you can adapt and use in your contracts to meet the new UK contractual requirements (see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/). These are:
key dates
what do I do if this applies to my business?
You should update your templates to include the new UK contractual requirements so that they can be rolled out by no later than 21 September 2022 and prepare a plan for how you’ll transfer existing affected customers to the new UK contractual requirements in time for 21 March 2024. If you have regular contractual reviews and renewals, that will be a good time to raise this with your customer.
If so then you may prefer kindrik.sg