• Gdpr
  • January 28, 2022

Data Protection - European Commission adopts adequacy decisions for the UK

On 28 June 2021, the Commission adopted two adequacy decisions in relation to the United Kingdom, under the General Data Protection Regulation (GDPR) and for the Law Enforcement Directive which will allow the continued free flow of personal data from Europe to the UK.

UK businesses and other organisations will benefit from unrestricted personal data transfers.

What is a GDPR adequacy decision?

According to the General Data Protection Regulation, an adequacy decision permits to transfer data outside the EU, or onward transfer from or to a party outside the EU without further authorisation from a national supervisory authority.

This means that there is less contractual paperwork needed between UK-based businesses and their EEA-based customers, suppliers, contractors and other parties.

What does it mean for businesses?

Every business would still need to take steps towards UK GDPR compliance, including necessary processes and documents for data controllers and data processors, with most businesses acting as both in relation to different categories of data subjects, including customers, suppliers, contractors, employees and others.

The news is very welcome as personal data can continue to flow freely from the EU and the wider EEA (European Economic Area) to the UK.

The Commission has effectively confirmed that the UK offers an equivalent level of protection to that guaranteed under EU law. 

The UK data protection system is based on the same rules that were applicable when the UK was part of the EU, with the same principles, rights and obligations.

The system also provides for strong safeguards where it comes to access of personal data by public authorities, including for national security reasons.

The adequacy decisions also facilitate the correct implementation of the EU-UK Trade and Cooperation Agreement, which provides the exchange of personal data, including where cooperation on judicial matters is required.

Both adequacy decisions limit the duration of adequacy to four years, meaning that the free flow of personal data between EU and UK can legally take place until the end of June 2025, at which time the adequacy decisions will automatically expire unless renewed by the Commission.

What are the new Standard Contractual Clauses?

The Commission has also recently issued updated Standard Contractual Clauses (SCCs) under the General Data Protection Regulation (GDPR) for data transfers from controllers or processors in the EU/EEA (including any that are otherwise subject to the GDPR) to controllers or processors based outside of the EU/EEA (and not subject to the GDPR).

The new Standard contractual clauses (SCCs) will replace the previous SCCs adopted under the previous Data Protection Directive 95/46.

Businesses need to ensure that they use the new SCCs for any parties based outside of UK/EEA where personal data is shared with those parties.

LawBite will publish a separate article to cover the new Standard contractual clauses (SCCs) and help you answer your questions regarding this topic.

If you have any questions or concerns about your current data processing practices, what the adequacy decision means for your business or data protection then please do get in touch to arrange a consultation with one of our experienced data protection lawyers.

Additional useful information

Download now for free:

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • February 15, 2022
Data protection and privacy – Employer’s responsibilities

Data protection and privacy laws touch on almost every aspect of HR.  Employers must strike a fine balance in complying with the UK GDPR, Data Prot...

blog image
  • By LawBite Team
  • February 07, 2022
Earning user trust by prioritising data protection compliance

Protecting people's privacy is not only the right thing to do, but it is key in earning trust. In 2022, armed with the knowledge gained from the Ca...

blog image
  • By LawBite Team
  • January 28, 2022
Who Needs a Data Representative in the EU for GDPR Compliance?

Obtaining a GDPR Data Representative in the EU for GDPR compliance is an important consideration that you, as a business owner, must think about.  ...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free