Data protection – UK-US data bridge
Following a review of the current handling and protection of personal data, the UK and US have established a ‘data bridge’. This allows personal data to move freely between UK businesses and certified organisations in the US.
International data transfers are central to the transactions of many businesses, and under previous GDPR Regulations, any transfer of personal data to the US required costly contract clauses to ensure privacy and protection standards.
Now, where the US organisation is appropriately certified, the new bridge removes this requirement.
A US organisation is placed onto the Data Privacy Framework List (DPF list) on the DPF website once they have been certified. They can then receive UK personal data through a UK-US data bridge.
UK businesses will need to ensure they update their privacy policies and document their data processing activities to reflect any changes in how they transfer personal data to the US.
Before sending personal data to the US, you must confirm the recipient is appropriately certified with the DPF and that they have completed the various steps around this certification. There are also restrictions around the types of data that can be sent that you must consider, so be sure that you check and don’t just rely on inclusion on the DPF list!
You can find a factsheet about the data bridge here. This includes links to the DPF website.
We send regular updates that keep clients aware of changes and suggestions on a wide range of subjects; if you’d like to receive those too, just add your details below and we’ll do the rest! We promise not to bombard you and you can unsubscribe at any time.