On February 19, 2021, the European Commission published a draft decision finding that UK law provides an adequate level of protections for EU data. If the draft decision passes, organizations in the EU will have the ability to continue transferring personal data to organizations in the UK without any restrictions. They also will not need to implement data transfer mechanisms, such as the EU Standard Contractual Clauses, to comply with the requirements of the GDPR.

The draft decision comes after a year of review by the European Commission, which concluded that the UK’s legal and regulatory data protection regime meets protections for EU data adequacy requirements.

It also provides for automatic review of the UK legal regime within four years. If the European Commission does not re-affirm the adequacy of the UK at that time, it will no longer consider the UK as adequate. They will further review the decision before formally adopting it. Moreover, the European Data Protection Board and the European Parliament’s Committee on Civil Liberties will issue a non-binding opinion in relation to the decision. Finally, the decision will be formally adopted after it has been approved by the EU Member States acting through the European Council.

The UK government welcomed the decision in a statement issued by the Department for Digital, Culture, Media & Sport.

With over 20 years of client counseling and international data policy expertise our team will provide you with the power, knowledge, and processes to achieve compliance internationally. Contact us today.