United Kingdom: Information Commissioner's Office adopted updated guidance on international data transfers including test to identify restricted transfers

On 15 January 2026, the Information Commissioner’s Office (ICO) adopted updated guidance on international transfers of personal information under the United Kingdom's General Data Protection Regulation. The guidance applies to organisations making cross-border transfers of personal data, including controllers and processors. It aims to streamline compliance by setting out a three-step test to identify restricted transfers, clarifying requirements, and reducing complexity. The updated guidance addresses roles and responsibilities in multi-layered transfer scenarios and provides additional support through a brief guide and a glossary for non-specialist organisations. It was stated that further guidance is planned on transfer risk assessments (TRAs), the International Data Transfer Agreement (IDTA), and cloud services, alongside an interactive tool.