By Dave McKay | June 22, 2021
UK EU Adequacy Decision Accepted
On the June 17, 2021 the EU countries voted on the adequacy decision for the UK. The item in question—the bit that’s either adequate or not—is the UK’s data protection framework.
The data protection framework of a non-EU country has to be ratified by the EU before personally identifiable information is permitted to be sent from the EU to that country. Basically, the data protection framework in the non-EU country must be as thorough as the GDPR, and the personally identifying information must be protected and safeguarded just as comprehensively as if it were being processed in a EU country.
A six-month grace period for data flow between the EU and the UK was established following the UK’s exit from the EU. That grace period is coming to an end on June 30, 2021. Having the adequacy decision in place before the end of June 2021 will allow a seamless transition from the grace period to operating under the adequacy decision.
The European Commission is working to have the necessary documentation and legislation in place by that date. Most adequacy decisions run for a period of time, and will require review and renewing. The UK’s is slightly different, it has no end date but it is under “constant review.”
Countries that already have an adequacy decision include Andorra, Argentina, Canada (for commercial organisations), the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay. South Korea and the EU are working towards an adequacy decision.
source: Reuters