Over the past months, the European Commission has been evaluating the UK’s approach to personal data protection, both in law and in practice, including the rules on access to personal data by the government itself.
And last week it concluded that the UK ensures an “essentially equivalent level of protection to the one guaranteed under the General Data Protection Regulation (GDPR)”.
This is good news for any firm handling UK and EU personal data, as it means such data can move between those jurisdictions without having to impose additional physical, electronic or contractual restrictions. Or, in the words of Didier Reynders, European Commissioner for Justice:
“EU citizens’ fundamental right to data protection must never be compromised when personal data travel across the Channel. The adequacy decisions, once adopted, would ensure just that.”
This is not the end of the process, as an opinion now needs to be obtained from the European Data Protection Board (EDPB), followed by agreement from a committee composed of representatives of the EU Member States.
Even then, the adequacy decision would only be valid for four years, after which it would be possible to renew if the level of protection in the UK continues to be adequate.
However, as UK Information Commissioner, Elizabeth Denham commented:
“The draft adequacy decisions are an important milestone in securing the continued frictionless data transfers from the EU to the UK.
“Today’s announcement gets us a step closer to having a clear picture for organisations processing personal data from the EU and I welcome the progress that has been made.”
You can learn more about Rhetorik’s data privacy and protection policies here. If you have any questions about our approach to compliance with data privacy and data protection legislation, do please Contact Us.
You might also be interested in this post – European Court rules EU-US Privacy Shield invalid. What does this mean for your data?