The EU Commission has today adopted two adequacy decisions for the United Kingdom, which will allow the free movement of personal data from the EEA to the UK in accordance with the GDPR.
The decisions have a four year term and will expire in 2025, with renewal being dependent on the UK not diverging from the standard of protection set out in the GDPR. In addition, the EU Commission will continue to monitor how the UK system evolves over the coming years, with the power to intervene if it feels that the UK is no longer meeting the EU's standards when it comes to personal data protection.
You can almost hear the collective sigh of relief from organisations across the EU and the UK on hearing this news. After months of uncertainty, the 30 June deadline approaching and the recent approval of new EU SCCs, for now, no additional measures will be needed to transfer personal data lawfully.
The recognition of the UK's data protection system as aligned with the EU should provide great economic benefits as well as remove uncertainty, as data can flow freely across the North Sea, Irish Sea and Channel. Crossing the Atlantic, however, remains one of life's more difficult challenges. Perhaps it is one that we should now turn to.
Authors
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.