The updated guidance sets out key requirements, reduces complexity and supports the responsible transfer of personal information. 

The guidance details a clear ‘three step test’ for organisations to use to identify if they are making restricted transfers. Additional new content has been added on roles and responsibilities, which reflects the complexity of multi-layered transfer scenarios. In addition, a brief guide, quick reference FAQs and a glossary will support organisations which do not have specialist knowledge or experience in making international transfers.  

The update is part of an ongoing project which will further develop parts of ICO guidance, such as its approach to transfer risk assessments (TRAs), and additional guidance on the international data transfer agreement (IDTA) and cloud services.

ICO also plans to add an interactive tool to help organisations identify whether they are making a restricted transfer, and more examples and case studies that reflect the complexity of global transfer scenarios.  

To further support organisations with their approach to international transfers, ICO is hosting a webinar to talk through the changes and highlight the main things organisations making or advising on restricted transfers need to know.