UK GDPR adequacy recognition approved by Brussels


29th June 2021

Free flows of personal data from the EU to the UK under the current streamlined rules look set to continue as the EU moves towards a new personal data transfer deal. This looks to be good news for General Data Protection Regulation (GDPR) adequacy.

Last week, the national governmental policy experts of each EU Member State unanimously voted in favour of a draft EU Commission decision which would finally recognise the UK as ‘adequate’ under the GDPR, meaning the EU will deem the UK’s privacy laws to be as protective of individuals’ privacy as the rules that apply within the EEA. Importantly, this would mean there will be no disruptions to EU – UK transfers of personal data, which is good news for businesses, who were increasingly bracing for the worst.

It has previously been an open question whether the EU would adopt an adequacy decision for the UK, with a real threat that no such approval would be forthcoming and, instead, businesses would be faced with having to adapt to a more restrictive regime, with additional administrative safeguards on the transfer of personal data and lengthier legal documentation. In particular, in February 2021 the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs issued a non-binding Opinion that the UK should not be granted an adequacy decision for several reasons, including perceived concerns surrounding national security.

Under the current Brexit trade deal between the UK and EU, the EU had agreed to temporarily allow flows of personal data from the EU to the UK to continue on the same basis as if the UK were still an EU Member State under a so-called “bridging mechanism”.

However, this “bridging mechanism” is set to expire on 30 June 2021, meaning that an adequacy decision is essential to continuing the current regime without disruption.

Now, Member States’ experts have approved the draft GDPR adequacy decision, and on 28 June 2021, the EU Commission adopted the decision just before the deadline of 30 June 2021.

If you need legal advice about GDPR, please do contact our data protection specialists.

This article was first published on 25 June 2021 and updated on 29 June 2021.

Speak to a member of our intellectual property team

Arrange a call

Enjoy That? You Might Like These:


articles

30 July
The second in part in our series of blogs on the Data (Use and Access) Act 2025 focuses on cookies. We examine Chapter 2 of Part 5 Data (Use and... Read More

events

23 July
Led by Employment Partner Rajiv Joshi, we are hosting an exclusive roundtable for senior legal counsel and GCs as part of our Counsel+ Forum on the forthcoming Employment Rights Bill. Read More

articles

22 July
It has been a month since the Data (Use and Access) Act 2025 (“DUAA”) received Royal Assent. DUAA amends existing UK data protection legislation, including, the UK GDPR, Data Protection... Read More