On 28 June the European Commission announced that a GDPR adequacy decision for the UK has been approved.
The decision means that the EU has determined the UK to have adequate data protection laws to allow personal data to safely flow from the EU (and EEA) to the UK.
The adequacy decision is for four years but may be reviewed during that time, and will be renewed only if the EU determines that the UK continues to have an adequate level of data protection.
The decision recognises the UK’s high data protection standards, and UK sponsors and participating sites receiving personal data from EU can continue to do so without further action.
Information Commissioner, Elizabeth Denham said:
“This is a positive result for UK businesses and organisations. Approved adequacy means that businesses can continue to receive data from the EU without having to make any changes to their data protection practices. Adequacy is the best outcome as it means organisations can carry on with data protection as usual and people will continue to enjoy the protections that their data will be used fairly, lawfully and transparently.”
UK Government: EU adopts ‘adequacy’ decisions allowing data to continue flowing freely to the UK - GOV.UK (www.gov.uk)
ICO statement: ICO statement in response to the EU Commission’s announcement on the approval of the UK’s adequacy | ICO
European Commission: Commission adopts adequacy decisions for the UK (europa.eu)
You can read the decisions here:
Read the GDPR decision
Read the Law Enforcement Directive decision