The government has approved the UK-US data bridge and it will come into force today, the 12th October 2023, writes Katie Raby
The UK-US data bridge is an extension to the EU-US Data Privacy Framework (DPF) and effectively authorises the US as providing an adequate level of protection for data transfer purposes.
The adequacy finding will only apply to those US organisations who agree to the key principles by signing up to the DPF.
UK companies wishing to transfer personal data to the US should firstly check the DPF register to see if the organisation they wish to send to data to is on there. If it is, this will negate the need for the further transfer mechanisms such as the Standard Contractual Clauses (EU SCCs) plus UK Addendum or the International Data Transfer Agreement (IDTA). If the US organisation has not registered with the DPF, then the US organisation should be treated as ‘inadequate’ as far as data protection and security is concerned and the further appropriate mechanisms should be used to transfer data. Furthermore, the UK company should ensure that a transfer risk assessment is undertaken prior to any transfer of data.
Our Travlaw Team will talk more about international data transfers along with other topical data matters in our upcoming webinar;
‘Data – Where we are now?’
on Wednesday 25th October, at 10am.
This article was originally published on: 12 October 2023