Art. 47A GDPR Transfers subject to appropriate safeguards: further provision The Secretary of State may by regulations specify standard data protection clauses which the Secretary of State considers are capable of securing that the data protection test set out in Article 46 is met in relation to transfers of personal data generally or in relation to a type of transfer specified in the regulations. The Secretary of State must keep under review the standard data protection clauses specified in regulations under paragraph 1 that are for the time being in force. Regulations under paragraph 1 are subject to the negative resolution procedure. The Secretary of State may by regulations make provision about further safeguards that may be relied on for the purposes of Article 46(1A)(a). The Secretary of State may only make regulations under paragraph 4 if the Secretary of State considers that the further safeguards are capable of securing that the data protection test set out in Article 46 is met in relation to transfers of personal data generally or in relation to a type of transfer specified in the regulations. Regulations under paragraph 4 may, among other things— make provision by adopting safeguards prepared or published by another person; make provision about ways of providing safeguards which require authorisation from the Commissioner. Regulations under paragraph 4 which amend Article 46 may do so only in the following ways— by adding ways of providing safeguards, or by varying or omitting ways of providing safeguards which were added by regulations under this Article. Regulations under paragraph 4 are subject to the affirmative resolution procedure. Prev. Article View All Next Article Further Information This version of the UK GDPR is offered purely as what we hope will be a helpful resource. It does not have the status of law, and should not be relied on as such. Nor do we guarantee it is free from errors. It was originally prepared using a Keeling Schedule made available by the UK Government. Since then, a consolidated version has also been made available on the legislation.gov.uk pages. By virtue of section 3 of the European Union (Withdrawal Act) 2018, the GDPR (Regulation (EU) 2016/679) was retained in United Kingdom law as "direct EU legislation". However, the effect of the Data Protection, Privacy and Electronic Communications (Amendments Etc.) (EU Exit) Regulations 2019, as amended by the Data Protection, Privacy and Electronic Communications (Amendments Etc.) (EU Exit) Regulations 2020, was, from 1 January 2021, immediately to make changes to the retained GDPR, and to refer to it as the "UK GDPR". These pages reflect those changes. This resource includes links to the GDPR recitals. The explanatory notes to the European Union (Withdrawal Act) 2018 confirm that where legislation is converted under section 3, it is the text of the legislation itself which will form part of domestic legislation, and this will include the full text of any EU instrument (including its recitals). Accordingly, recitals will continue to be interpreted as they were prior to the UK’s exit from the EU. They will, as before, be capable of casting light on the interpretation to be given to a legal rule, but they will not themselves have the status of a legal rule. However, it stands to reason that – as the recitals themselves have not been amended – they will in places contain language and references to EU bodies and rules which no longer apply to the UK. In this resource we link Articles of the UK GDPR to the corresponding recitals. In deciding which recitals correspond to which Articles of UK GDPR, we have drawn on the working document of the EU GDPR which the Information Commissioner had previously published in 2017. Downloads Working document of the EU GDPR published 2017 and archived on the National Archives website