International Transfers of Personal Data
Further guidance on international transfers of personal data is available in Section 11 of the Data Protection Code of Practice.
Checklist and Exceptions to Prohibition for Transfers to Non-EEA Countries
University staff should ensure that there are clear and documented procedures and administrative responsibilities for the transfer of personal data to non-EEA countries. In addition, the DPA 1998 provides a number of exceptions to the prohibition on the transfer of the personal data in question. The factors which University staff should consider if a transfer of personal data is proposed are in this checklist.
Download the Checklist and Guidance on exceptions for transfers to Non-EEA countries
EU-US Privacy Shield (Safe Harbour replacement)
The EU-US Privacy Shield became fully operational from 1 August 2016. Companies can sign up to the Privacy Shield with the U.S. Department of Commerce who will then verify that their privacy policies comply with the high data protection standards required by the Privacy Shield
Important information about the transfer of personal data to the United States
From 1 August 2016 the US Safe Harbour Scheme was replaced by the EU-US Privacy Shield. Information about the scheme can be found on the ICO's website and the European Commission's website, which gives the following overview:
"What is the Privacy Shield?
The Privacy Shield allows personal data to be transferred from the EU to a company in the United States, provided that the company there processes (e.g. uses, stores and further transfers) your personal data according to a strong set of data protection rules and safeguards. The protection given to your data applies regardless of whether you are an EU citizen or not.
How does the Privacy Shield work?
If you want to know if a company in the U.S. is part of the Privacy Shield you can check the Privacy Shield List on the website of the Department of Commerce (https://www.privacyshield.gov/welcome). This list will give you details of all the companies taking part in the Privacy Shield, the kind of personal data they use, and the kind of services they offer. You can also find a list of the companies that are no longer part of the Privacy Shield."
The following links provide current guidance:
Any staff who have concerns about current agreements or are contemplating future ones should contact Governance Services.