Hi, it would be good to ask your tutor and setting about this. Settings would adhere to principle 8 by having a policy and procedure to follow xx
There is a list of 'safe' countries othat data can be transfered to on this page of the gov website
https://www.gov.uk/eu-eea they are:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, UK
Iceland, Liechtenstein and Norway
Switzerland
In addition to these the European Commission has decided these countries also have
adequate level of protection:
Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Uruguay
For the
USA, companies that have signed up to the
Safe Harbor Agreement (and the EU-US Privacy Shield) would be expected to comply with the EU data protection law but this is something a legal team would check.
There are also agreements for Passenger Name Records between the EU and
Canada and
Australian airlines.
https://ico.org.uk/for-organisations...international/
So any country outside of these would require an assessment. Which could be done by the organisation using the
ICO.org's Assessing adequacy for international data transfers, by the setting taking legal advice or contacting their Local Authority for guidance.
Situations where personal information may be transferred: purchasing flight tickets, hotel bookings, storing personal details on a website's servers/hosting/cloud outside of the listed countries, entering personal information when using social media
https://ico.org.uk/for-the-public/on...al-networking/
It can be easy to see how data is used in your setting when you examine how it's used & stored - registration files that contain medical information, contact details, children's development record.
Hope this helps xx
Data Protection Act 1998
& 
Linear Mode
