International Data processing
The way international data transfers are made from the UK is about to change. This is part of a series of measures to make UK laws fit for purpose now that we have left the EU. The new legal mechanism is based on a very different criteria to the EU version. The new measures are complex and likely to cause uncertainty and a greater level of risk to non-compliance.
Up until now if you needed to transfer data including storing data outside of the UK/EU/EEA your most likely remedy would be to use the EU Standard Contractual Clauses (SCCs). In more recent times the EU revised such safeguards and issued three new versions. The ICO pointed out at the time that UK Data Controllers should not use the new clauses and wait until it announced the UK arrangements. So in short we have been waiting for further direction.
It has now been announced that from the 21st March 2022 the UK will use International Data Transfer Agreements (IDTA) to support transfers outside of the UK. They will not be required if the country to which you are sending the data is EU Adequate, although the UK is developing its own Adequacy Regime. So as it stands, this includes all of the EU countries and the EEA countries until further notice. However, most likely if you use a CRM system the country of concern will be the US. If this is the case this information will apply.
We are the only trusted supplier to The National Council of Voluntary Organisations (NCVO), and work with multiple other reputable organisations.