Handley Gill
LEGAL, REGULATORY & COMPLIANCE CONSULTANTS

Handley Gill Limited

Our expert consultants at Handley Gill share their knowledge and advice on emerging data protection, privacy, content regulation, reputation management, cyber security, and information access issues in our blog.

Posts tagged Standard contractual clauses
Best Before: 21 March 2024
Best Before: 21 March 2024

Handley Gill’s specialist data protection consultants highlight the forthcoming deadline for data controllers to review and, if necessary, update the safeguards relied upon as the lawful basis for conducting transfers of personal data from the UK to overseas where these currently rely upon the old European Commission standard contractual clauses / model clauses, including guidance on the actions that need to be taken.

Read More
Nicola CainData Protection, Personal Data, UK GDPR, Data Transfer, International data transfers, Restricted International Data Transfers, Article 46(2)(d) UK GDPR, BREXIT, Standard contractual clauses, SCCs, Modernised SCCs, Modernised Standard Contractual Clauses, Standard data protection clauses, Information Commissioner, Information Commissioner's Office, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, EUROPEAN COMMISSION, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, DATA PROTECTION ACT 2018, Schedule 21 Part 3 para.7 Data Protection Act 2018, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), International Data Transfer Risk Assessment, International Data Transfer Impact Assessment, Transfer Risk Assessment, Transfer Impact Assessment, Transfer Risk Assessment Tool, Appropriate Safeguards, Commission Implementing Decision (EU) 2021/914 of 4 June 2021Comment
UK-US data bridge open for traffic
UK-US data bridge open for traffic

Handley Gill’s specialist data protection consultants consider the implications of The Data Protection (Adequacy) (United States of America) Regulations 2023 (SI 2023/1028) for data exporters subject to the UK GDPR conducting personal data transfers from the UK to the USA and what action should be taken.  

Read More
Nicola CainData Protection, Personal Data, Personal Data Transfer, Personal Data Export, Data Transfer, US Data Transfers, International data transfers, Restricted Data Transfer, Restricted International Data Transfers, UK GDPR, DATA PROTECTION ACT 2018, s17A Data Protection Act 2018, Article 45 UK GDPR, Article 44 UK GDPR, Article 46 UK GDPR, Standard data protection clauses, Standard contractual clauses, SCCs, Modernised SCCs, IDTA, International Data Transfer Agreement, International Data Transfer Addendum, UK-US Data Bridge, EU-US DPF, EU-US Data Privacy Framework, Trans-Atlantic EU-US Data Privacy Framework, Adequacy Regulations, Adequacy Decision, US Adequacy Decision, SI 2023/1028, The Data Protection (Adequacy) (United States of America) Regulations 2023Comment
Freedom from the tyranny of supplementary measures
Freedom from the tyranny of supplementary measures

Handley Gill Limited’s specialist data protection consultants consider the impact of the European Commission’s adequacy decision in respect of the Trans-Atlantic EU-US Data Privacy Framework and the steps controllers and processors should take in relation to transfers of personal data from the EEA and UK to the USA.

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Transfer, Personal Data Transfer, International Transfers, International data transfers, Safe Harbor, Privacy Shield, EU-US Data Privacy Framework, Transatlantic Data Privacy Framework, Trans-Atlantic Data Privacy Framework, Chapter 5 GDPR, Chapter 5 UK GDPR, Article 44 GDPR, Article 44 UK GDPR, Article 45 GDPR, Article 45 UK GDPR, Article 45(2) GDPR, Article 45(2) UK GDPR, Adequacy Decision, Schrems II, Adequacy Regulations, Section 17A Data Protection Act 2018, S.17A Data Protection Act 2018, S.17A DPA 2018, DPA 2018, Data Protection Act 2018, Standard contractual clauses, Standard data protection clauses, Supplementary Measures, Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, Transfer Risk Assessment, Transfer Impact Assessment, International Data Transfer Agreement, International Data Transfer Addendum, IDTA, SCCs, Modernised SCCs, Modernised Standard Contractual Clauses, Executive Order 14086, Qualifying State, TADPF, US Data Transfers, UK-US Data Bridge, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, FISA 702, Prism, Upstream, EU-US DPF, Data Controller, Data Processor, Data exporter, Data ImporterComment
A bridge to nowhere?
A bridge to nowhere?

A commitment to establishing a UK-US data bridge, which would take the form of adequacy regulations being issued by the Secretary of State pursuant to section 17A Data Protection Act 2018, has been announced. Since this bridge is likely to be contingent on the European Commission issuing its own adequacy decision, and the draft has recently been rejected by the European Parliament, data exporters will be reliant on the Commission ramming through the roadblock or will find themselves stuck in traffic on the UK-US data flyover.

Read More
Nicola CainData Protection, Personal Data, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Privacy Shield, Schrems II, Transatlantic Data Privacy Framework, Adequacy Decision, EUROPEAN COMMISSION, Safe Harbor, Adequacy Regulations, UK Adequacy, Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, Executive Order On Enhancing Safeguards For United States Signals Intelligence Activities, EU-US Data Privacy Framework, UK-US Data Bridge, Chapter 5 GDPR, Chapter 5 UK GDPR, Article 45 GDPR, Article 45 UK GDPR, Article 46 GDPR, Article 46 UK GDPR, Data Protection Act 2018, Section 17A Data Protection Act 2018, s17A Data Protection Act 2018, Qualifying State, Executive Order 14086, TADPF, European Parliament, Committee on Civil Liberties, Committee on Civil Liberties Justice & Home Affairs, LIBE Committee, European Data Protection Board, EDPB, Opinion 5/2023, German-American Data Protection Day, DoJ, Department of Justice, Standard contractual clauses, Standard data protection clauses, Supplementary Measures, Transfer Risk Assessment, Transfer Impact Assessment, Derogation, Data Transfer, Data transfer agreement, US Data Transfers, International Transfers, International data transfers, International Data Transfer Risk Assessment, Data Controller, Data Processor, Data exporter, Data ImporterComment
Data Downgrade Down Under?
Data Downgrade Down Under?

Handley Gill Limited’s data protection consultants consider the implications of the 2021 Free Trade Agreement between the UK and Australia - taking effect on 31 May 2023 - for the protection of personal data and the ease of international transfers of personal data.

Read More
Nicola CainBREXIT, UK, United Kingdom, Australia, Data Protection, Personal Data, Privacy, Data Privacy, GDPR, General Data Protection Regulation, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Section 17A Data Protection Act 2018, Adequacy Decision, Adequacy Regulations, New Zealand, European Commission, Secretary of State for Science Innovation & Technology, Marketing, Direct Marketing, Consent, Marketing Consent, Privacy Act, Privacy Act Review, Foreign Commonwealth and Development Office, Foreign Office, Department for Business and Trade, Department for Science Innovation and Technology, Department for Culture Media & Sport, Data Transfer, Restricted Data Transfer, Restricted International Data Transfers, International data transfers, Standard contractual clauses, Derogations, Data Controller, Data ProcessorComment
See ya SCCs, enter the IDTA
See ya SCCs, enter the IDTA

New data processing or other sharing agreements governed by the UK GDPR, which are entered into on or after Thursday 22 September 2022 and which involve the export of personal data from the UK to third countries and will rely on appropriate safeguards under Article 46 UK GDPR in the form of standard data protection clauses, can no longer rely on the standard contractual clauses (SCCs) or ‘model clauses’ issued by the European Commission and valid as at 31 December 2020 and must instead incorporate the International Data Transfer Agreement or modernised SCCs and International Data Transfer Addendum.

Read More
Nicola CainData Protection, Data Protection Act 2018, GDPR, UK GDPR, General Data Protection Regulation, UK General Data Protection Regulation, EUROPEAN COMMISSION, Information Commissioner, SchremsII, Schrems II, Standard contractual clauses, SCCs, Modernised Standard Contractual Clauses, Modernised SCCs, International data transfers, International Data Transfer Agreement, IDTA, International Data Transfer Addendum, International Data Transfer Risk Assessment, Article 46 UK GDPR, Article 46 GDPR, Model clauses, European Commission Decision 2001/497/EC, European Commission Decision 2010/87/EU, Brexit, UK-EU Withdrawal Agreement, Article 46(2)(c) UK GDPR, Article 46(2)(d) UK GDPR, Article 46(2)(d) GDPR, Standard data protection clauses, The Data Protection Privacy & Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419), Schedule 21 Part 3 para.7 Data Protection Act 2018, Data transfer agreement, Data exporter, Commission Implementing Decision (EU) 2021/914, Data Controller, Data Processor, Data Exporter, Data ImporterComment