When you, as a data controller, need to transfer personal information to a jurisdiction outside of the UK and EU, this engages Article 44of the GDPR – you have to meet certain criteria in order to ensure that the data is sent safely and securely. For most cases, you can rely on an adequacy decision – more on that below – but sometimes this won’t be an available get-out, and you’ll need to consider the SCCs or IDTA. So many acronyms, so little time…
This area of law is constantly evolving, and it can be hard to keep up with all the changes – from GDPR to DPA to Digital InformationBills, whatever will be next, you might wonder. Businesses need to be on top of data protection at all times, especially when commercial agreements and strategy reaches international heights, because regulatory scrutinisation and the risk of fines and investigation is ever-increasing. That’s what we’re here for – we shoulder the burden of your compliance risk so you can focus on growing your business.
What are the rules?
Transfers within the EU
Where transfers of personal data take place within the EU, the GDPR does not impose any additional safeguarding requirements on controllers. It’s important to note, however, that when a controller engages a processor, their relationship must be governed by an agreement (a “DataProcessing Agreement”), subject to minimum criteria set out in the GDPR. The agreement should cover the subject matter and duration of the processing, the nature and purposes of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
Transfers outside of the EU
For non-EU data transfers, organisations will need to verify whether there is an “adequacy decision” of the EU Commission and if not, supplement safeguards using additional guarantees by way of contractual agreement, or rely on an appropriate legal basis exemption.
Who this can affect:
Founders /Directors / CEOs:
Your business shouldn’t be prevented from expanding its success overseas over an easily resolved compliance issue. Get a quick jurisdiction analysis so that you can jet-set your business to exotic destinations without the fuss.
HR People & Culture:
Do you have a policy in place that covers international data transfers? Perhaps it already features in your company’s overall Data Protection procedure, or maybe training is required to get staff up to speed on how all of this works. Either way, we can help with this!
Sales & Marketing:
When discussing and securing potential partnerships with suppliers or customers that are based in jurisdictions outside of the UK and/or EU, it’s important to be aware of the international transfer compliance implications for the business. Get up to speed on the business’ position on data transfer risk assessments (i.e. what adequate safeguards need to be in place) before you seal the deal.
It’s just the entire way that Plume does business. I’ve never felt forgotten, I’ve never felt that someone else is too important, everyone’s so nice and everyone puts in 100% of the effort. Working with Plume is a real pleasure.
Our favourite thing about working with Plume is it doesn’t feel like we’re working with a law firm but rather an extension of our own team. The lawyers have become so embedded in our business, so commercially focussed and so tuned to our risk appetite and way of working
The best thing about working with the Employment team is the prompt guidance and support they have given with sensitive and complex issues. Fiona offers professional and diligent advice as well as being incredibly genuine and encouraging. It is reassuring to know they are on hand to help at all times.
Everyone internally has been incredibly impressed with your work and I'm sure we will want to continue working together long-term.
Plume is quite clearly the best law firm in the history of the universe. With trademark protections bestowed upon us by your godly lawyers, we'll be able to focus on what we do best.... developing awesome medical technology for the blind community.
The corporate team helped us navigate through the sale of our business successfully. I appreciated their expertise and in the negotiations it became very beneficial to have their experience guiding our business decisions. I highly recommend - thanks again guys!
Quickly understood my requirements, carried out a thorough review of the facts and produced a user-friendly reference document tailored to my business which demonstrated a strong grasp of the commercials. Take on was pain-free and everyone was friendly and responsive. Would recommend.
Excellent firm. Professional and ideal for start-ups.
The team have supported us with day-to-day and strategic legal advice throughout the year. We're grateful to them for stepping up to support us through this important milestone in MyTutor’s development and for their commitment in getting the deal over the line.
We currently use Plume for our small business and have had a great experience! They are knowledgeable, professional and answer in a timely fashion. Would recommend!
Great working with the folks at Plume. The quality of their work was top notch, their communication was effective and overall happy with the services provided.
You are without a doubt the COOLEST law firm ever, and we love working with you! <3
They're doing amazing stuff on social media and standing out from the crowd. This is a gold standard in disruption.
You are continuing to shape the legal industry to be more creative, compassionate, and (most significantly) human. Keep breaking down barriers - your reach is further than you may realize 🦩
The team have come on board to support MyTutor, a fast growing EdTech business which previously had no in-house legal resource. The team have made a hugely positive difference in a short space of time and we feel incredibly supported by the team, who offer a commercial, low fuss and highly responsive service
Plume are a wonderful, professional and caring law firm. The communication and attention to detail we received by them in dealing with our case was brilliant. I will definitely be using them again for future needs.
The team provided excellent leadership and support throughout our funding process. In particular, they provided comprehensive ownership and management of the close process for AccelerComm, providing excellent, professional guidance from start to finish and enabling AccelerComm to focus on growing core business growth