Menu Close

UK government forms council on international data transfers

In this week’s issue of In Perspective, Samad Miah, Data Protection Consultant at Xcina Consulting, looks at a looks at new developments in the area of international data transfers in the UK as well as new draft guidance issued by the European Data Protection Board in relation to data subject access requests.

Learn the details of these and other key emerging themes as events unfold. Follow our round-up of latest stories and find out what the latest developments mean for you.  Our weekly review below helps you decide.

What happened

  • A group of data protection experts have met for the first time to help Britain seize the opportunities of better global data sharing.

  • The International Data Transfer Expert Council will provide independent advice to the government to help it achieve its mission of unlocking the benefits of free and secure cross-border data flows now the country has left the EU.

  • Household tech and industry names are represented on the council alongside international universities and organisations at the forefront of this rapidly moving policy area, such as the World Economic Forum and the Future of Privacy Forum.

Why it matters

  • International data transfers underpin our everyday life and are the foundations for our most-used technology, from GPS navigation and smart devices to online banking.

  • They are also instrumental to digital healthcare – having driven the development of treatment and vaccines during the pandemic.

  • Removing barriers to data flows will mean these services can be provided more reliably and securely.

  • Billions of pounds worth of trade goes unrealised around the world due to barriers associated with data transfers.

What happened

  • During its January plenary session, the European Data Protection Board (EDPB) adopted Guidelines on the Right of Access.

  • The Guidelines provide clarifications on the scope of the right of access, the information the controller must provide to the data subject, the format of the access request, the main modalities for providing access, and the notion of manifestly unfounded or excessive requests.

  • A stakeholder event on this topic was held in November 2019 and stakeholders’ views and opinions were taken into consideration during the drafting process.

Why it matters

  • The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data, as well as other supplementary information.

  • It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.

  • The Guidelines issued by the EDPB provide examples to support controllers to answer access requests in a GDPR compliant manner.

  • The Guidelines will be subject to public consultation for a period of 6 weeks

What happened

  • On 28 January 2022, the Secretary of State laid before Parliament the international data transfer agreement (IDTA), the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (Addendum) and a document setting out transitional provisions.

  • This final step follows the consultation the Information Commissioner’s Office ran in 2021.

  • The documents are issued under Section 119A of the Data Protection Act 2018.

  • If no objections are raised, they come into force on 21 March 2022.

Why it matters

  • Exporters will be able to use the IDTA or the Addendum as a transfer tool to comply with Article 46 of the UK GDPR when making restricted transfers.

  • They take into account the binding judgement of the European Court of Justice, in the case commonly referred to as “Schrems II”.

  • The IDTA and Addendum form part of the wider UK package to assist international transfers.

  • This includes independently supporting the Government’s approach to adequacy assessments of third countries.

One more thing…

The UK’s newly appointed Information Commissioner, John Edwards, has announced a major listening exercise to hear direct from businesses, organisations and people about their experiences of working with the ICO.

The exercise will include a survey, as well as a series of events held across the UK.

The online survey can be found on the ICO website now. Invites to events and meetings will be sent out in February.


Stay in control of your inbox

Register your details to receive our featured insights,
news and analysis covered ‘In Perspective’ from our
Data Protection team.

Stay up to date and discover how the requirements impact your business. 



Samad Miah

Data Protection Consultant

Speak to me directly by Email, or
Telephone:+44 (0)20 3745 7843 


Samad has a strong track record in data protection, both as an industry practitioner and as a consultant, helping organisations successfully address their obligations towards the Information Commissioner’s Office and other regulatory bodies.

To discuss how the above or other data protection requirements impact your business, feel free to get in touch with our team. We provide our clients with pragmatic advice and support to help them achieve a robust and defensible position.