As of late March, the transfer of personal data from the UK to the US will rely on UK versions of the "Standard Contractual Clauses" already in use for transfer of data from the EU to the US. The new UK instruments are necessary due to Brexit and to the UK now having its own data privacy rules (UK GDPR). The UK has issued two documents -- an agreement and an addendum -- to be used in transfers of personal data.
Why it Matters
Transfer of personal data out of Europe has become increasingly more difficult since the GDPR took effect, thanks both to that law and to a series of court cases that took place in the years just before and after the GDPR took effect. The effect of Brexit has been to complicate this already-complicated topic further. US companies that have EU or UK suppliers, customers, or employees will need to ensure that they know whether they are "transferring" data out of those areas, and which set of rules and agreements should govern. Failure to use appropriate safeguards for transferring personal data can violate the GDPR and expose a business to potentially large fines.
/Passle/5fe0c4f453548a10fc881e09/MediaLibrary/Images/2025-10-09-14-47-09-526-68e7caed09520928935393cf.png)
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2025-09-30-13-12-56-565-68dbd758f6347a2c4b9a81ab.jpg)
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2025-09-02-15-10-27-674-68b708e3a631091b7967ef21.jpg)