Data protection in 2021 | Hunters Law LLP

News

Richard Baxter and Hannah Solel provide a legal update on data protection in 2021

January 11, 2021
By and Hannah Solel, Associate

Hannah Solel

, Associate

Legal update: Data protection in 2021

The purpose of this legal update is to inform businesses on their existing and future data protection obligations in light of the Trade and Cooperation Agreement between the UK and EU.

Departure from the EU took four-and-a-half years and the culmination of the process is the Trade and Cooperation Agreement.[1] Contained within the 1246-page Agreement are some details about the receipt and transfer of personal data.

Note that while the UK legislature has ratified the deal and incorporated it into English law via the European Union (Future Relationship) Act 2020, the European Parliament is yet to ratify the deal. The Agreement therefore applies provisionally until then.

Were there any changes as of 1 January 2021?

There has been no immediate impact on existing data protection laws in force in the UK, meaning personal data can continue to flow from the EU and EEA countries to the UK and vice versa.[2] The flow from the EU and EEA can continue because, from 1 January 2021, the Trade and Cooperation Agreement allows for an interim “specified period” during which the existing data protection regime continues as the status quo.[3]

The specified period will last for a maximum of six months. This time is needed because an “adequacy decision” has not yet been made by the European Commission. As the UK is now a third country from the EU’s perspective, an adequacy decision will determine whether or not the EU considers the UK’s data protection regime to be sufficiently similar, or equivalent, to the EU’s data protection regime.[4] When the decision is made, the specified period will end.[5]

What is the UK’s existing data protection legal framework?

The EU’s GDPR has been incorporated into UK law through the Data Protection Act 2018 and the EU (Withdrawal) Act 2018. There is also secondary legislation.

Section 3(10) of the Data Protection Act 2018 establishes the term “UK GDPR” to make clear that the GDPR has been retained as a UK law.

Will there be changes in the future?

If the UK’s existing regime is deemed adequate, the result will be that personal data can continue to flow from the EU (and EEA countries) to the UK without additional measures being introduced. The foregoing applies for so long as neither jurisdiction substantively changes its legislation because an adequacy decision would be regularly reviewed and could be revoked.

If the European Commission decides that the UK regime is not adequate, data will still be able to flow to the UK but the flow will be subject to new legal and administrative requirements. For example, UK businesses will have to enter into contracts, containing EU-approved Standard Contractual Clauses, with their EU contacts – entering into such a contract will establish that a UK business has adequate data protection standards.

The Trade and Cooperation Agreement contains a provision that the specified period will cease if, before the adequacy decision is determined, the UK makes amendments to the current regime without EU approval.[6] This would be unlikely, as to do so would ruin the apparent consensus with the EU on the importance of data protection – the Agreement makes clear that the EU and UK “affirm their commitment to ensuring a high level of personal data protection”.[7] It therefore seems unlikely that the UK would, in the long term, depart from the high standards established by the GDPR.

Final comments

For all businesses and organisations, whether for profit or not for profit, it is important to continue to adhere to the existing data protection rules. Businesses should also review where their personal data comes from, how it is processed and recorded.

As the specified period progresses, regular monitoring of the guidance from the Government and Information Commissioner’s Office is strongly recommended. As and when the adequacy decision is announced, we will publish relevant updates.

If you have any questions about this article, please do not hesitate to speak to your usual contact at Hunters or to get in touch with any of the Partners in the Business Services Department.

[1] Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, of the one part, and the United Kingdom of Great Britain and Northern Ireland, of the other part: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/948119/EU-UK_Trade_and_Cooperation_Agreement_24.12.2020.pdf

[2] Data Protection Act 2018, Schedule 21, paragraphs 4 – 5

[3] Trade and Cooperation Agreement, Part 7, Article FINPROV.10A (1) – (2)

[4] See: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

[5] Trade and Cooperation Agreement, Part 7, Article FINPROV.10A (4)(a)

[6] Trade and Cooperation Agreement, Part 7, Article FINPROV.10A (5)

[7] Trade and Cooperation Agreement, Part 6, Article COMPROV.10 (1)

Related News

Mar 23, 2023

Stephen Morrall and Sophia Smout discuss firing someone for gross misconduct in People Management

Stephen Morrall discusses the impact of the four-day work week in TheWealthNet

Stephen Morrall and Sophia Smout examine the new rules on flexible working in People Management

Stephen Morrall comments on the new flexible working rights in Personnel Today

Stephen Morrall comments on gig economy rulings challenging pension enrolment in Law360

Stephen Morrall and Annabelle Woosnam discuss the legal rights for gig economy employees to a pension in People Management

Stephen Morrall and Annabelle Woosnam discuss pensions in the gig economy, in Employee Benefits

Stephen Morrall comments on what COVID rules means for workers and employers in Mail Online, This is Money, Mail on Sunday, Daily Mail and MSN Money

Stephen Morrall and Aman Khokhar explore how employers can best determine worker status in People Management

Richard Baxter examines whether Brexit creates uncertainty for online software sales agents in Reports Legal

prev next

All News

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_29463535_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Hannah Solel

Hannah Solel

, Associate

Related News

Mar 23, 2023

Feb 20, 2023

Jan 30, 2023

Dec 12, 2022

Oct 18, 2022

Sep 20, 2022

Jul 06, 2022

Feb 11, 2022

Nov 30, 2021

Nov 17, 2021

Contact Hunters Law