The International Data Transfer Agreement (IDTA) is the UK’s official contractual mechanism for transferring personal data to organisations located outside the United Kingdom where the destination country is not recognised by the UK Government as providing an adequate level of data protection under UK GDPR.
Issued by the UK Information Commissioner’s Office (ICO), the IDTA sets out legally binding obligations between the organisation exporting the data and the overseas recipient to ensure that personal information remains protected to UK GDPR standards.
The agreement addresses areas such as security controls, data subject rights, onward transfers, audit rights, and incident management. The IDTA is commonly used when UK organisations engage international suppliers, cloud service providers, or group companies based overseas.
As an alternative to the standalone IDTA, organisations may also use the UK Addendum in conjunction with the EU Standard Contractual Clauses (SCCs) for combined UK and EU data transfer compliance.
