UK GDPR: International Transfers (Articles 44-49)
International Transfers [Arts 44-49]
Key answer: Yes, you can transfer data outside the UK if the destination has an adequacy decision or you use other safeguards like SCCs.
Rule: Cannot transfer personal data outside UK unless adequate safeguards in place.
Permitted transfer mechanisms:
- Adequacy decision (approved countries) [Art 45]
- Standard Contractual Clauses (SCCs) [Art 46(2)(c)]
- Binding Corporate Rules [Art 47]
- Explicit consent (limited use) [Art 49(1)(a)]
Adequate countries include: EEA, Switzerland, Japan, South Korea, Canada (commercial), and others per UK adequacy regulations.
Source Text
Note: Articles 44-49 UK GDPR were omitted on 5 February 2026 by the Data (Use and Access) Act 2025. International transfers are now governed by the new UK data protection framework.
The previous Article 44 general principle stated:
Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if… the conditions laid down in this Chapter are complied with by the controller and processor.
Citation
Article 44, UK GDPR (historical) | Data (Use and Access) Act 2025