UK complies with data protection requirements
Ten post dostępny jest także w języku: polski
On December 31, 2020, the transition period for the United Kingdom to leave the European Union officially ended. After Brexit, there was then suspicion about data transfer to a country that is no longer part of the community. However, as the EU assured in a recent announcement, data transmission to the UK is safe and does not require additional permissions.
June 28, 2021. The European Union Commission has adopted two decisions finding an adequate level of security for data transferred to the United Kingdom. The first relates to the General Data Protection Regulation (GDPR) and the second relates to the Enforcement Directive outside the EU. This means that all personal data can flow freely from the EU to the UK, and all provisions guaranteed by EU law, also apply when data is transferred to the UK.
“After months of careful assessments, today we can give EU citizens certainty that their personal data will be protected when it is transferred to the UK. This is an essential component of our new relationship with the UK. It is important for smooth trade and the effective fight against crime. The Commission will be closely monitoring how the UK system evolves in the future and we have reinforced our decisions to allow for this and for an intervention if needed. The EU has the highest standards when it comes to personal data protection and these must not be compromised when personal data is transferred abroad.” – assesses the situation Didier Reynders, Commissioner for Justice.
Security and data protection are ensured by the same rules that the UK had in place before Brexit. The EU Commission stresses that the country is still under the jurisdiction of the European Court of Human Rights and must comply with the European Convention on Human Rights and the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
However, this is the first time a so-called “sunset clause” has been applied. This means that after four years in force, the UK will have to go through a review process again regarding the application of an adequate level of data protection. During this time, the European Commission will continuously monitor the legal situation and at the same time intervene when the UK deviates from the established rules.