○ ○ ○ ○
Somewhat agree Neither agree nor disagree Somewhat disagree Strongly disagree
Please explain the advantages and risks that you foresee for allowing accreditation of non-UK bodies.
Q3.4.4. Are there any other changes to certifications that would improve them as an international transfer tool?
3.5 Derogations
Explanatory box: What are derogations? The derogations described in Article 49 of the UK GDPR are exceptions from the general rule that you should not make a restricted personal data transfer unless it is covered either by a UK adequacy regulation, or there are appropriate safeguards in place. The use of derogations is the final mechanism available to organisations for transferring data internationally. Derogations can only be used in very limited circumstances and under specific conditions, where adequacy and alternative transfer mechanisms are unavailable. Before considering derogations, organisations must first identify whether or not the recipient country is adequate, or whether appropriate safeguards can be used. If these mechanisms are not available, then the derogations can be considered. The available derogations are for situations where: ●
the data subject has given explicit consent for the proposed transfer after having been informed of the possible risks
●
the transfer is necessary for the performance of a contract between the data subject and the controller, or pre-contractual measures taken at the data subject’s request
●
the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person
●
the transfer is necessary for important reasons of public interest
●
the transfer is necessary for the establishment, exercise or defence of legal claims;
●
the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent
100
