EU grants data adequacy decision in favour of UK (for now)…

With the temporary bridging period ending, the EU has finally ruled that UK data protection laws are ‘adequate’ for the purposes of transfers of personal data across borders. This will come as a huge relief to organisations doing businesses in both the EU and UK as this means that personal data can be transferred freely from a company based in a country within the European Economic Area (EEA) to another in the UK, without the need for additional cumbersome safeguards.

Personal data is any information that can uniquely identify an individual, so will inevitably include employee and customer data, such as names, contact information and profile data.

The decision is however time limited and will be expire after 4 years, at which point a review will take place to determine whether to renew the decision. The UK has further been warned that this adequacy status could be withdrawn at any time if the current UK data protection rules diverge in any material way from current EU laws and no longer afford EU citizens sufficient protection for their personal data.

The decision has been called a “breakthrough” by Confederation of British Industry (CBI) director of policy, John Foster, who also described the free flow of data as the “bedrock of the modern economy and essential for firms across all sectors”. The decision will certainly be welcomed by businesses working closely with affiliates and third parties across the UK and EU.

For more information on data protection and how to ensure your business is compliant with applicable laws, please get in touch.

Madeleine Rhodes