Breaking News | Europe Set to Certify UK Data Protection Provisions
The European Commission has just published its preliminary ‘adequacy’ decision about data protection. It expects to confirm that UK data protection law is regarded as equivalent to the EU’s own (GDPR).
This is really good news and will be a major milestone for any organisation with clients in the EU or EEA area. It’s equally important for organisations who have their HQ or other operations based there.
As part of the Brexit withdrawal agreement, interim provisions are currently in place. They are due to expire in a couple of months. There was a risk that EU/UK organisations would then lose the equivalent status they currently enjoy. All personal data processed between the EU and UK would potentially have to go through a tedious and bureaucratic endorsement process.
For its part, the UK has already confirmed that it continues to regard EU data protection law as equivalent. This is unsurprising as the UK was, of course, a constituent of the EU when the General Data Protection Regulation was introduced throughout Europe in 2018.
Because the UK introduced its own ‘UK GDPR’ legislation in January, there was a risk the EU may determine it was not of equivalent status. However, the European Commission has now confirmed it believes UK provisions meet its ‘adequacy’ test.
Their media release states:
“Over the past months, the Commission has carefully assessed the UK’s law and practice on personal data protection, including the rules on access to data by public authorities. It concludes that the UK ensures an essentially equivalent level of protection to the one guaranteed under the General Data Protection Regulation (GDPR) and, for the first time, under the Law Enforcement Directive (LED).”
Please note that this is, however, simply a recommendation at this stage. The matter will now be considered in detail by the European Data Protection Board as well as representatives of the EU member states. Hopefully, and expectedly, the Commission’s opinions will be confirmed.
As Elizabeth Denham, the UK Information Commissioner, recently stated:
“The draft adequacy decisions are an important milestone in securing continued frictionless data transfers from the EU to the UK.”
It brings us a step closer to the continuation of ‘business as usual’ as far as processing personal data between the rest of Europe and the UK is concerned.
We will continue to update this news story as this important matter progresses.