The transition period for data exchange between the United Kingdom (UK) and the European Union ends on June 30, 2021. This was agreed and written down on 24.12.2020 with the so-called Partnership Agreement. During this period, the UK was still considered a member of the EU in terms of data protection law. The UK thus enjoyed the benefits of straightforward data transfer within the scope of the GDPR despite the BREXIT.
As early as Feb. 19, 2021, the EU Commission initiated a procedure for the adoption of two adequacy decisions for the transfer of personal data to the UK. As part of the procedure, it requested an opinion from the European Data Protection Board (EDPB) on the drafts for the two adequacy decisions.
The European Data Protection Board confirms that the key provisions of the GDPR and the UK Data Protection Regulation (UK GDPR) are identical. However, the European Data Protection Board points out to the EU Commission that some data protection challenges exist. For example, under the Investigatory Powers Act (IPA) of 2016, security agencies and intelligence agencies in the UK have far-reaching powers and can make massive intrusions into technical devices.
On 20. May 2021, the European Parliament decided with a narrow majority against the adequacy decisions for the UK and demanded improvements.
After these two opinions, it was not clear for a long time whether the adequacy decision would come into effect before 01. July 2021 and whether the UK would thus be classified as an unsafe third country, which would have necessitated appropriate safeguards pursuant to Art. 46 GDPR for data transfers from the EU to the UK.
The adequacy decision, which was issued before the end of the transitional period, makes it easier for the companies and organizations concerned to transfer data to the UK. However, the EU Commission must review every four years whether the adequacy of the level of data protection continues to be guaranteed and extend the validity of the adequacy decision.
If you have any questions about GDPR-compliant data transfers to the UK or other third countries, please contact us here!
Unser Team – Ihr Vorteil | Hier stellen wir uns vor.
Unser Team besteht aus erfahrenen Juristen, Webspezialisten, IT-Experten, zertifizierten Datenschutz- und Informationssicherheitsbeauftragten. Mit unserer Erfahrung, Expertise und erprobten Verfahren, helfen wir Unternehmen, praxisnahe Lösungen im Bereich Datenschutz und Informationssicherheit zu finden. So helfen wir beispielsweise bei der Umsetzung der DSGVO oder der Einführung von Informationssicherheitsmanagementsystemen (ISMS).