ICO Updates UK GDPR International Transfer Guidance

ICO News & Blogs

Published January 15th, 2026

Detected February 11th, 2026

Email Set alert

Summary

The UK's Information Commissioner's Office (ICO) has updated its guidance on international personal data transfers under UK GDPR. The revised guidance aims to simplify compliance for businesses by introducing a 'three step test' and clarifying complex areas.

View original document View source feed page

What changed

The ICO has published updated guidance on international data transfers under UK GDPR, designed to make compliance more accessible for businesses. Key changes include a streamlined 'three step test' to identify restricted transfers, new content addressing roles and responsibilities in multi-layered scenarios, and supplementary resources like FAQs and a glossary. This update is part of an ongoing project that will further refine guidance on transfer risk assessments (TRAs), the international data transfer agreement (IDTA), and cloud services, with plans for an interactive tool and more case studies.

Organisations involved in international data transfers should review the updated guidance to understand the new 'three step test' and enhanced clarity on roles and responsibilities. The ICO is also hosting a webinar to discuss the changes. While no specific compliance deadline is mentioned, prompt review is advised to ensure adherence to UK GDPR transfer requirements. The guidance is intended to support innovation while ensuring responsible data handling.

What to do next

Review updated ICO guidance on international data transfers under UK GDPR.
Familiarise with the new 'three step test' for identifying restricted transfers.
Attend the ICO webinar on the guidance changes.