Spring Cleaning: Fix contract terms for data transfers from the UK

Spring Cleaning: Fix contract terms for data transfers from the UK

[Things don’t stand still in the world of data privacy. Check out our updates: https://www.techcontracts.com/2023/07/21/personal-data-transfers-schrems/, and background here – The Clock is Ticking: Are Your Contract Terms Out-of-Date for Transfers of Personal Data Subject to the GDPR?; Third Time Lucky? Personal Data Transfers between the U.S., EU, UK; Draft EU “Adequacy Decision” for Data Transfers to U.S. Now What?]

Do the UK General Data Protection Regulation and Data Protection Act govern your transfers of personal data to the United States? (Or do they apply to your personal data transfers to another country without “adequate” safeguards?) The UK has launched new mandatory contract terms for those using contracts to legitimize transfers.

What terms? Those relying on contract terms for transfers must choose (a) the UK’s International Data Transfer Agreement (“IDTA”) or (b) the UK Addendum to the EU’s 2021 standard contractual clauses for international transfers (“new” SCCs).

When?

1. September 21, 2022: For new agreements or new processing operations under existing agreements.
2. March 21, 2024: For transfers under contracts in effect as of September 21, 2022. (But no grace period for new processing operations.)

Are the UK deadlines the same as the deadlines to start using the “new” EU SCCs? No. For new contracts under the EU GDPR (relying on contract terms for cross-border transfers), the “new” SCCs were required as of September 27, 2021. For contracts by then in effect, the deadline is December 27, 2022. (But no grace period for new processing operations.)

Why are we talking about this now? On March 21, 2022, the deadline for the UK Parliament to object to the new terms ended. Parliament did not object, so the IDTA and UK Addendum options became effective.

By Kathy O’Sullivan, Esq. (CIPP/E, CIPP/US)

Eager for more information about information technology contracts? Tech Contracts Academy offers public and in-house training, including Tech Contracts Master Classes.

(c) 2022 by Tech Contracts Academy. All rights reserved.

Graphic courtesy of Pixabay.com.

Share the Post:

Related Posts

David Tollen’s Live Webinars About Technology Contracting – April 16, May 21

Join Tech Contracts Academy’s two remaining live webinars this spring: April 16 – The Indeminar: Indemnities in Contracts about Software, the Cloud, and AI May 21 – IP

April 9, 2024

Educational videos partnership with Briefly

Tech Contracts Academy and David Tollen have partnered with Adam Stofsky and Briefly Inc. to create a series of short, concise videos, covering contract basics. The videos are

April 4, 2024

Don’t grant a fault-based indemnity

I think it’s a mistake to indemnify against claims resulting from indemnitor negligence or other wrongdoing. Indemnities against 3rd party claims usually specify the claims

April 2, 2024

New AI Contracts Training Available On-Demand

David Tollen’s Tech Contracts Academy just released a new, updated version of our popular training: AI Contracts – Drafting and Negotiating. With 1 year’s access, you can use it for training and as a reference.

March 14, 2024