Skip to content
The Information Commissioner’s Office (ICO) has updated its international transfers guidance, adding:
- a new section on transfer risk assessments (TRAs)
- a downloadable TRA tool (DOC, 368K)
These updates aim to help organisations know how to protect people’s personal information when making international transfers.
Earlier this year, the ICO published the International Data Transfer Agreement (IDTA) and the Addendum to the European Union Standard Contractual Clauses (SCCs).
The latest updates clarify an alternative transfer risk assessment approach to the one put forward by the European Data Protection Board.
With the guidance, and the six-question TRA tool, the ICO offers a framework to help people identify an initial risk level for categories of data and focus on whether the transfer significantly increases the risk of either privacy or other human rights breach. The ICO believes this approach captures the key risk to the people the data is about, and is also achievable.
See: International transfers | ICO
