There are important developments in relation to international transfers of data. Most importantly, the European Commission has adopted adequacy decisions for the UK, but note the ‘sunset clause’, which limits the duration of adequacy to four years. It has also approved new Standard Contractual Clauses for international data transfers. These are not effective for transfers from the UK on which an announcement is awaited from the Information Com- missioner’s Office (ICO). The ICO is in the process of updating its guidance.

The European Data Protection Board has published Recommendations 01/2020 on measures that supplement transfer tools to en- sure compliance with the EU level of protection of personal data; although not binding in the UK they may still be useful.

In Sanso Rondon v LexisNexis Risk Solutions UK Ltd [2021] EWHC 1427 (QB), a representative appointed under Art. 27 of GDPR was held to have no liability to the claimant for alleged breaches of GDPR in connection with a database providing information for anti -money laundering compliance.

Links to the above are on

‹ Back to Publications