Close Cookie Popup
Cookie Settings
Note: For the best browser experience, we recommend using Edge, Chrome, Safari, Firefox, or most other browser alternatives to Internet Explorer 11.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and provide more relevant marketing across channels.

View our Privacy Policy for more information.
Accept All Cookies
Manage Cookies
Deny Cookies
Preferences
Close Cookie Preference Manager
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts.
View privacy policy.
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Accept All Cookies
Save Settings
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Free Data Flow between the EU and UK: Learn about the latest GDPR Adequacy Decisions for the UK

As the deadline drew closer to the end of the six-month bridging period, provided under the EU-UK Trade and Cooperation Agreement, the European Commission adopted two adequacy decisions for the United Kingdom: One under the General Data Protection Regulation (GDPR) and the other for the Law Enforcement Directive on the processing of personal data for criminal offenses.

Sibel Hanuschek
July 5, 2021

As the deadline drew closer to the end of the six-month bridging period, provided under the EU-UK Trade and Cooperation Agreement, the European Commission adopted two adequacy decisions for the United Kingdom: One under the General Data Protection Regulation (GDPR) and the other for the Law Enforcement Directive on the processing of personal data for criminal offenses.

With these decisions, the European Commission affirms the UK has entirely incorporated the GDPR requirements and the Law Enforcement Directive into its post-Brexit legal system.  

So, what does this mean?  

  • The data protection laws of the UK were formally recognized as adequate with the EU laws
  • Personal data will continue to flow freely between the EU and UK
  • Data exporters transferring data from the EU to the UK will not need to implement additional transfer safeguards (e.g. Standard Contractual Clauses ).

What are the underlying grounds for the decisions?

  1. The UK provides strong safeguards against accessing personal data by public authorities  
  2. The UK is subject to the jurisdiction of the European Court of Human Rights and must adhere to the European Convention of Human Rights
  3. The UK is one of the contracting parties of the Council of Europe Convention for the Protection of Individuals, with regard to Automatic Processing of Personal Data

It’s worth it to note that the decisions include a “sunset” clause, for the first time, which sets a time limit on the validity of the decisions.  

According to the clause, the decisions will expire four years after the effective date and could be renewed if the UK maintains the adequate level of data protection for personal data. During this term, the Commission will monitor the legal system in the UK and could intervene at any time, should the UK fail to maintain adequacy.  

As always, we’ll keep you informed on further developments.

Want more?  Learn about regulatory watch.

Sibel Hanuschek
Legal & Compliance Manager
cleversoft group