The European Commission ("EC") has announced as of 28 June the formal adoption of two adequacy decisions for the United Kingdom under the EU General Data Protection Regulation (GDPR) and Law Enforcement Directives (LEDs).
The adequacy decisions recognise the UK's personal data safeguards as being strong and will allow UK entities to continue to receive personal data from the EEA without restriction (i.e. without having to put in place adequate safeguards such as the EU Standard Contractual Clauses). These adequacy decisions are important for businesses that rely on international data flows and for enforcement bodies involved in cross-border investigations.
The EC has used, for the first time, a "sunset clause" in both adequacy decisions, which will limit the duration of the adequacy decisions to four years. If the UK continues to maintain adequate data protection standards, the adequacy decision will be renewed. However, the EC reserves the right to monitor and intervene during the four-year period if the UK deviates from the standards.
The EC's press release can be found here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.