Further to our article in Information Security Buzz, and published on our website on 12 February 2021, adequacy decisions on the United Kingdom’s data protection regime have been approved by European Union (‘EU’) member states. This means that the UK’s current data protection regime is deemed sufficiently similar or equivalent to the EU’s regime. Transfers of personal data from the European Union (and European Economic Area) to the UK are therefore expected to continue without any new measures being introduced, unless either side develops or diverges from its current arrangements.
The EU-UK Trade and Cooperation Agreement provided a six-month interim period for flows of personal data to continue unchanged. The interim period is due to end on 30 June 2021 and so the update regarding the adequacy decisions has come at the right time to avoid any significant disruption to data flows.
No formal announcements have been made by the EU, UK government or the Information Commissioner’s Office yet.
The next stage is for the two adequacy decisions to be adopted by the European Commission. This is expected before 30 June.
Adoption will provide certainty for UK and EU businesses alike about the strength of the UK’s data protection regime. Businesses should keep matters under review, however, because the adequacy position will be subject to review by each party, should either party change its data protection legislation in the future.
For specific advice on this or any other commercial or corporate issues, please contact Richard Baxter on 020 7412 0050 or firstname.lastname@example.org.