February 24, 2021

Breaking News | Europe Set to Certify UK Data Protection Provisions

The European Commission has just published its preliminary ‘adequacy’ decision about data protection. It expects to confirm that UK data protection law is regarded as equivalent to the EU’s own (GDPR).

This is really good news and will be a major milestone for any organisation with clients in the EU or EEA area. It’s equally important for organisations who have their HQ or other operations based there.

As part of the Brexit withdrawal agreement, interim provisions are currently in place. They are due to expire in a couple of months. There was a risk that EU/UK organisations would then lose the equivalent status they currently enjoy. All personal data processed between the EU and UK would potentially have to go through a tedious and bureaucratic endorsement process.

For its part, the UK has already confirmed that it continues to regard EU data protection law as equivalent. This is unsurprising as the UK was, of course, a constituent of the EU when the General Data Protection Regulation was introduced throughout Europe in 2018.

Because the UK introduced its own ‘UK GDPR’ legislation in January, there was a risk the EU may determine it was not of equivalent status. However, the European Commission has now confirmed it believes UK provisions meet its ‘adequacy’ test.

Their media release states:

“Over the past months, the Commission has carefully assessed the UK’s law and practice on personal data protection, including the rules on access to data by public authorities. It concludes that the UK ensures an essentially equivalent level of protection to the one guaranteed under the General Data Protection Regulation (GDPR) and, for the first time, under the Law Enforcement Directive (LED).”

Please note that this is, however, simply a recommendation at this stage. The matter will now be considered in detail by the European Data Protection Board as well as representatives of the EU member states. Hopefully, and expectedly, the Commission’s opinions will be confirmed.

As Elizabeth Denham, the UK Information Commissioner, recently stated:

“The draft adequacy decisions are an important milestone in securing continued frictionless data transfers from the EU to the UK.”

It brings us a step closer to the continuation of ‘business as usual’ as far as processing personal data between the rest of Europe and the UK is concerned.

We will continue to update this news story as this important matter progresses.

Share this article

About the author

Mike Fitzsimmons

About the author

Mike Fitzsimmons

Mike is a Senior HR Consultant within the Moorepay Policy Team. He is responsible for the developing of employment documentation and is an Employment law advisor. With over 30 years of senior management and HR experience, Mike has managed teams of between 30 and 100 employees and is familiar with all the issues that employing people brings. He has also served as a non-executive director on the Boards of several social enterprises and undertook a five year tour of duty as Executive Chair of a £30+ million annual turnover Government agency.

Related Posts

returning to the workplace
Returning to the workplace: 39% of employees are looking forward to ‘nothing’.

We surveyed 1200 people last month and found 39% of respondents are looking forward to…

View Post
employment tribunals and how to avoid them
5 reasons businesses are taken to employment tribunal – and how to avoid them!

Employment tribunals require time, effort, often cost money, and can hurt your reputation as a…

View Post
how to avoid business fines hr
How to avoid business fines: HR edition

In a world where working models are changing and there is a growing backlog of…

View Post

Making payroll & HR easy