It is considered that countries within the European Economic Area (EEA) have adequate, legal protection in place to be able to transfer personal data securely.
You may transfer personal data to countries within the EEA on the same basis as you may transfer it within the UK, as is expressed by principle 8 of the Data Protection Act.
For example, if you have a British client buying a house in France, then the relevant authorities and businesses in France will need to receive the information of your client.
If you have a British client buying a house on an island in the Caribbean, however, then you will need to ensure that the territory has adequate data security measures in place before sending any personal data.
Transferring Data Outside of the EEA
Before sending personal data outside of the EEA, the ICO recommends you ask yourself the following questions:
If the country is not on the EU Commission’s list, then: