ICO Consultation For The UK Replacement Of The Standard Contractual Clauses – Privacy



ICO advice on replacing the UK Standard Contractual Clauses

August 25, 2021

Preiskel & Co

To print this article, all you need to do is register or log in to Mondaq.com.

On August 11, 2021, the Information Commissioner’s office (“ICO“) published a consultation on its draft guidelines on international transfers of personal data (“Guidance“), as well as associated data transfer tools that are used to create standard contractual clauses (“SCC“).

The ICO’s post-Brexit data protection measures include these new documents that need to be consulted:

  1. Proposals aimed at international transfers of personal data outside of the UK

  2. A proposal for guidelines on international transfer risk assessment (the “Risk Assessment Guide“)

  3. The international data transfer agreement (“ITDA“)

  4. Draft of a British addendum to the EU Commission’s standard contractual clauses

The ICO’s proposals and drafting tools show that the regulator is drawn to capitalizing on its ability to enforce its own post-Brexit regulations. With the aim of helping organizations navigate international data transfers subject to UK GDPR rules, the consultation provides an indication of how UK data protection rules are likely to be applied. In particular with respect to countries that have not been granted adequacy status under the UK GDPR, the transfer risk assessment (“BETWEEN“) provides an approved format for performing the necessary risk assessments in relation to international transfers of personal data.

The consultation addresses considerations that will allow the ICO to review areas of the UK GDPR that it believes need clarification in relation to the IDTA. The ICO’s document also clarifies the UK’s position on the European Commission’s new SCCs published in June. More information on the European Commission’s new SCCs can be found here.

The ICO has published an in-depth post-Brexit consultation on international transfers of personal data from the UK, aiming to link EU and global privacy and data protection laws and practices. It will be interesting to analyze and examine the responses the ICO receives in relation to its consultation and how the ICO will apply these new regulations.

You can find the ICO advice here.

The content of this article is intended to provide general guidance on the subject. Expert advice should be sought regarding your specific circumstances.


When should a legitimate interest assessment be used?


Employers often try to rely on legitimate interests when processing their employees’ personal data. However, many do not know that this should involve conducting a legitimate interests test.