The EU Commission has today adopted two adequacy decisions for the United Kingdom, which will allow the free movement of personal data from the EEA to the UK in accordance with the GDPR.
The decisions have a four year term and will expire in 2025, with renewal being dependent on the UK not diverging from the standard of protection set out in the GDPR. In addition, the EU Commission will continue to monitor how the UK system evolves over the coming years, with the power to intervene if it feels that the UK is no longer meeting the EU's standards when it comes to personal data protection.
You can almost hear the collective sigh of relief from organisations across the EU and the UK on hearing this news. After months of uncertainty, the 30 June deadline approaching and the recent approval of new EU SCCs, for now, no additional measures will be needed to transfer personal data lawfully.
The recognition of the UK's data protection system as aligned with the EU should provide great economic benefits as well as remove uncertainty, as data can flow freely across the North Sea, Irish Sea and Channel. Crossing the Atlantic, however, remains one of life's more difficult challenges. Perhaps it is one that we should now turn to.
Today we can give EU citizens certainty that their personal data will be protected when it is transferred to the UK. This is an essential component of our new relationship with the UK. It is important for smooth trade and the effective fight against crime.