The EU will allow its companies and public bodies to share personal data with UK entities after the European Commission agreed UK laws are equivalent with the bloc’s General Data Protection Regulation (GDPR).
On granting adequacy decisions on both the GDPR and
the Law Enforcement Directive, the EC said “personal data can now flow freely
from the EU to the UK”.
The EC said UK data protection law is “essentially
equivalent” to EU law. It added that “strong safeguards” have been built in to
protect against future divergence, in particular a clause that only grants
adequacy for four years before it is reviewed.
Věra Jourová, vice-president at the EC, said: “The UK
has left the EU but today its legal regime of protecting personal data is as it
was… We are talking here about a fundamental right of EU citizens that we have
a duty to protect. This is why we have significant safeguards and if anything
changes on the UK side, we will intervene.”
The decision will automatically expire after four
years and the EC will review any changes to the UK’s data protection laws
before it agrees to renew. The EC said continual monitoring will mean it can
“intervene at any point” in the four-year period, should the UK deviate from
its current position.
Didier Reynders, Europe’s commissioner for justice,
said: “This is an essential component of our new relationship with the UK. It
is important for smooth trade and the effective fight against crime. The Commission
will be closely monitoring how the UK system evolves in the future and we have
reinforced our decisions to allow for this and for an intervention if needed.”
The UK fully incorporated GDPR into its legal system
both before and after the UK left the EU.
CRE
© Commercial Risk Europe
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article