Let’s face it, GDPR has been irritating us all since 2016.
This week, just when we were all ready for another tornado of confusion, the EU adopted two new ‘adequacy decisions’ in regards to the UK. This is good news! Here’s what it means.
On June 28th, the EU adopted two ‘adequacy decisions’. In a nutshell, these decisions are a way of formally stating that the UK ensures an adequate level of protection for personal data.
The UK’s current data protection policy is extremely similar to that of when the UK was a member of the EU, and it has “fully incorporated the principles, rights and obligations of the GDPR and the LED into its post-Brexit legal system”. This was put in place by the UK, in order to create a smooth transition when the UK left the EU.
The recent adoption of these ‘adequacy decisions’ by the EU, means that businesses in the UK can freely receive personal data from the EU and EEA, without needing to include additional arrangements, such as Standard Contractual Clauses. Hurrah!
A small difference to prior adequacy decisions made (and probably not surprising), is the inclusion of a ‘sunset clause’ which limits the duration of this decision to four years. After this time, the findings may been renewed, but only if we are deemed to safeguard data effectively.
What does it mean for UK businesses?
This recent decision by the EU will support investment, trade and law enforcement agencies as well as vital public services.
It means;
- Businesses can continue to receive data from the EU without changing their current data protection policies.
- There is no need to put in place any additional safeguards in respect of EU to UK transfers.
- The decision however, could be revoked immediately should the UK’s standards drop.
Here are some quotes from people who know their stuff…
“Adequacy is the best outcome as it means organisations can carry on with data protection as usual. And people will continue to enjoy the protections that their data will be used fairly, lawfully and transparently.” – UK Information Commissioner
TechUK CEO, Julian David commented; “Securing an EU-UK adequacy decision has been a top priority for techUK and the wider tech industry since the day after the 2016 referendum. The decision that the UK’s data protection regime offers an equivalent level of protection to the EU GDPR is a vote of confidence in the UK’s high data protection standards and is of vital importance to UK-EU trade as the free flow of data is essential to all business sectors.”
More information can be found on the Government website here.
