EU approves UK data adequacy (part 2)

We briefly mentioned this last time as the EU decision to confirm the draft UK adequacy decision was published as the last insight newsletters were being written.

To add a little more detail, the decision means that data can safely flow to the UK from the EU and EEA, without normally needing additional safeguards such as SCC’s. Since the decision was approved only 2 days before the deadline, I hope that you already had plans in place for all of your EU or EEA personal data transfers, but data protection compliance is easier than it might have been.

Several sources have mentioned a ‘sunset clause’ but the arrangement was always going to be reviewed after 4 years, or earlier if the EU deems that the UK GDPR has deviated from the EU GDPR.

Reacting to the EU decision Information Commissioner, Elizabeth Denham said:

“This is a positive result for UK businesses and organisations.

“Approved adequacy means that businesses can continue to receive data from the EU without having to make any changes to their data protection practices.

“Adequacy is the best outcome as it means organisations can carry on with data protection as usual. And people will continue to enjoy the protections that their data will be used fairly, lawfully and transparently.”

“The result is also a testament to the strength of the UK’s data protection regime.”