No change to UK data protection laws following the European Commission’s (EC) adequacy decision.
After Brexit the UK became a ‘third country’ under EU GDPR meaning transfers of personal data between the EU and UK were only possible if UK data protection laws were deemed acceptable by the EU.
Confirmation – the EU has confirmed the UK has fully incorporated all of the data protection principles, rights and obligations it would expect meaning UK data protection laws do not need to change to meet with any concerns the EU might have had.
Future – whilst the EC’s confirmation of adequacy means it’s business as usual for the time being, it has included a ‘sunset clause’ meaning in four years the EU will reassess UK data protection laws to ensure they’re still adequate. Of course we’ll keep you posted.
If you’d like to support identifying potential legal risk and commercial weaknesses in the way you process personal data, get in touch to discuss how our data protection review can help.