n response to a request from the SEC, the U.K. Information Commissioner's Officer, U.K.'s data protection regulator (ICO), has published its letter to the SEC setting out the ICO's views on regulating relevant transfers of personal data, which will assist firms to understand how they can comply with both their SEC obligations and the U.K. GDPR. A U.K. firm is likely to be able to provide requested documents containing personal data in reliance on the "public interest" derogation in Article 49(1)(d) U.K. GDPR, but firms will have to consider whether the transfer is "necessary and proportionate", provide the appropriate disclosures to customers and staff and document their decision making process. To read the full alert, please click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.