The European Commission (“EC”) has announced as of 28 June the formal adoption of two adequacy decisions for the United Kingdom under the EU General Data Protection Regulation (GDPR) and Law Enforcement Directives (LEDs).
The adequacy decisions recognise the UK’s personal data safeguards as being strong and will allow UK entities to continue to receive personal data from the EEA without restriction (i.e. without having to put in place adequate safeguards such as the EU Standard Contractual Clauses). These adequacy decisions are important for businesses that rely on international data flows and for enforcement bodies involved in cross-border investigations.
The EC has used, for the first time, a “sunset clause” in both adequacy decisions, which will limit the duration of the adequacy decisions to four years. If the UK continues to maintain adequate data protection standards, the adequacy decision will be renewed. However, the EC reserves the right to monitor and intervene during the four-year period if the UK deviates from the standards.
The EC’s press release can be found here.
Please contact Jose Saras if you have any questions.
The material contained in this article is only a general review of the topics covered and does not constitute any legal advice. No legal or business decision should be based on its content.