It has been just over two years since the UK officially exited the EU and we are beginning to see how the UK and the UK Information Commissioner’s Office (ICO) intend to differentiate themselves from the EU approach to restricted transfers (i.e., transfers of personal information to countries that are not recognized as “adequate” for data protection purposes). The changes do not indicate a giant leap away from the EU approach (at least not yet), but the changes are significant enough for companies operating in the UK to take note.