On Friday, 19 February 2021, the European Commission issued a press release regarding an adequacy decision for the UK.
The Commission has “launched the process towards the adoption of an adequacy decision”, meaning it has reviewed the UK’s data laws and deemed them equal to or exceeding those of the EU, and that subject to review by the EDPB (European Data Protection Board) and committee of EU member states, the UK will be added to the list of countries that can share data freely with the EU.
The decision covers the UK GDPR and, for the first time, the Law Enforcement Directive – the data processing law relevant to processing for law enforcement purposes.
While this is excellent news for both the UK and the EU, and the businesses that operate within them, there will be “strict and clear mechanisms for both monitoring and review” at least every four years in case the UK makes any changes to its data protection laws that the EU does not approve of.
What happens next?
Before it can adopt the adequacy decision, the European Commission must seek the opinion of the EDPB, then get the green light from member states’ representatives in what’s called a comitology procedure.
Meanwhile, it’s worth emphasising that no matter what happens regarding this decision, the UK’s requirements concerning EU representatives won’t change.
Article 27 of the GDPR states that, with the exception of public bodies, organisations that aren’t based in a member state and that monitor the behaviour of, or provide goods or service to, EU residents must establish a representative.
An adequacy decision doesn’t change the UK’s status as a member state, so the requirement will remain in place.
Our team of lawyers, barristers and solicitors will act as your representative, working remotely to fulfil your needs.