Latest Posts:
Search for:

Analyzing critical legal trends and developments across data, cyber, AI and digital regulations from around the world and beyond borders

In Data

ICO Consultation on International Data Transfers: Key Considerations

by 3 Mins Read

London, 3 July 2025 â€” The UK Information Commissioner’s Office (the “ICO”) has issued a call for views on its guidance relating to international transfers of personal data under the UK GDPR. This consultation, open until 7 August 2025, presents a strategic opportunity for stakeholders to influence the regulatory framework governing cross-border data flows.

We encourage stakeholders who are engaged in international operations—particularly those relying on standard contractual clauses, transfer risk assessments, or bespoke transfer mechanisms—to review the ICO’s current guidance and consider submitting feedback.

Objectives

This initiative stems from the ICO’s January 2025 commitment to the UK Government to streamline and clarify international transfer rules, with the aim of enhancing business confidence and supporting economic growth. The ICO is now seeking stakeholder input to ensure its guidance is:

  • clear and practical for commercial implementation;
  • responsive to operational challenges faced by UK-based data exporters; and
  • aligned with evolving global data protection standards.

In particular, the ICO is asking for views on:

  1. Which aspects of the ICO’s guidance is most helpful to stakeholders? 
  2. Are there aspects of the ICO’s guidance that stakeholders find difficult to understand or apply? 
  3. What tools or guidance products would make international transfers easier, quicker, or less complicated for stakeholders’ organisations? 

The consultation is limited to guidance under the UK GDPR and does not extend to transfers under Part 3 of the Data Protection Act 2018 (law enforcement processing), which the ICO plans to provide separate guidance on in due course.

Implications for UK Data Exporters

    For businesses transferring personal data outside the UK, this consultation is a timely opportunity to:

    • shape future compliance expectations and reduce regulatory uncertainty;
    • advocate for more streamlined and scalable transfer mechanisms; and
    • ensure sector-specific concerns (e.g., in tech, finance, healthcare) are reflected in future guidance.

    As many organisations have experienced, navigating different data protection laws in the global context is challenging. Thus, clear ICO guidance can help to reduce legal uncertainty and compliance costs, and align UK practices with global standards, supporting smoother operations and investment flows.

    Next Steps

    We advise stakeholders to review their current international transfer practices and identify any pain points or inefficiencies that could be addressed through improved ICO guidance.

    Submissions can be made here. While responses may be summarised publicly, the ICO will not disclose personal information. However, contributors should avoid including confidential or sensitive data.

    At Baker Mckenzie, we are well equipped to assist clients in preparing submissions, reviewing current transfer mechanisms, and assessing potential compliance risks under the evolving UK data protection landscape.

    Categories:
    Tags:
    Author

    Amber is an Associate in the London Data Privacy & Cybersecurity Practice, while also supporting the wider team on digital regulatory work and commercial tech transactions. She advises clients across various data-rich sectors on a range of data protection and privacy advisory, compliance and regulatory matters, including GDPR compliance programmes, ICO investigations, and data breach and cybersecurity incident response.

    Related Posts