Greindl & Köck

Data Protection Law of the United Kingdom deemed “adequate” by the EU

Since the Brexit the EU considers the UK a third country. According to the General Data Protection Regulation (GDPR) the transfer of personal data to third countries is only permitted, if the date subjects there have the same rights and protections as within the EU.

Since data protection laws in the UK meets this EU-Standard and are based on the same rules as during the EU-membership, on June, 28th 2021 the European Commission granted the United Kingdom an adequacy decision.

As a result, the free data flow between both jurisdictions is secured also after lapse of the six-months transitional period and data controllers with data transfers in the UK can continue to act on this legal basis as they did before. However, this decision will expire in 4 years. Then the UK level of protection for personal data will have to be reviewed again.