top of page
  • Writer's pictureDeborah

Released on 17 November 2022 by the Information Commissioner's Office (ICO) the updated version of the international transfers section of its Guide to GDPR, includes a new Transfer Risk Assessment (TRA) Guidance and a TRA tool.

The ICO’s TRA tool is one of transfer mechanisms that entities may use to comply with the requirements under article 46 of the UK The General Data Protection Regulation (GDPR).


In conducting its TRA, an organization must carry out a reasonable and proportionate analysis on the following:

  • Risks to people’s rights arising in the destination country from third parties accessing the information, in particular government and public bodies.

  • Risks to people’s rights arising from difficulties enforcing the Article 46 transfer mechanism.

To make a restricted transfer of personal data using ICO’s approach, concerned entities shall carefully consider in what capacity they are acting.

  • Controllers relying on a processor to make the restricted transfer are not required to complete the TRA; only the processor is responsible for completing the TRA.

  • Receiving entities sending the data to third parties may be required, where applicable, to carry out a TRA.

  • Entities making a series of connected, repeated or similar restricted transfers, shall carry out a TRA for each restricted transfer or one TRA that covers all of them.

An alternative to the ICO TRA tool is the transfer impact assessment (TIA) methodologies based on the European Data Protection Board (EDPB) guidance.


Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page