| Link(s): | Updated guidance on international transfers published | ICO International transfers | ICO International transfer guidance – webinar | ICO |
Context
The ICO has announced that it has updated its guidance in relation to international transfers of personal data. The updated guidance clearly sets out key requirements, reduces complexity, and supports the responsible transfer of personal information.
Key points to note and next actions
- The streamlined guidance sets out a clear ‘three step test’ for organisations to use to identify if they are making restricted transfers, and the ICO has added new content to help provide clarity on areas it knows organisations have questions on.
- Additional new content has been added on roles and responsibilities, which reflects the complexity of multi-layered transfer scenarios. In addition, a brief guide, quick reference FAQs, and a Glossary will support organisations which do not have specialist knowledge or experience in making international transfers.
- The update is part of an ongoing project which will further develop parts of the guidance, such as the ICO’s approach to transfer risk assessments (TRAs), and additional guidance on the international data transfer agreement (IDTA) and cloud services.
- The ICO also plans to add an interactive tool to help organisations identify whether they are making a restricted transfer, and more examples and case studies that reflect the complexity of global transfer scenarios.
- To further support organisations with their approach to international transfers, the ICO is hosting a webinar on 10 March 2026 to talk through the changes and highlight the main things organisations making or advising on restricted transfers need to know.