INDUSTRY WATCH

Following the UK ’ s official withdrawal from the EU on January 1 , 2021 , the two blocs agreed to temporarily keep existing data transfer arrangements in place , while negotiating a permanent adequacy solution ( i . e . the EU agreeing a country can be in its data sharing club ). The recently signed agreement will enable the UK to keep its existing data adequacy agreement in place , while also approving the UK ’ s data protection system and protocols for the transfer of personal data from Europe .

When it comes to Brexit , media outlets and commentators have always been more focused on the ways that the UK ’ s withdrawal from the EU would affect how people travel and businesses trade . Little to no attention has been given to what Brexit would mean for data protection , yet it ’ s always been an area of key importance . So what does this latest agreement mean for data management ?

The big deal with data

When the General Data Protection Regulation ( GDPR ) came into effect across the EU member states on May 25 , 2018 , it was the most ambitious piece of data regulation ever passed by the European Union . New rules were introduced relating to the way personal data was collected and processed , improving the protection of European data subjects ’ rights , while also clarifying what companies that process personal data would have to do to safeguard these rights .

In short , all businesses dealing with data relating to EU citizens would have to ensure they were GDPRcompliant and the rules applied across all members of the European Union . Now that the UK has left the EU , continued compliance with GDPR has recently been an important factor in the data adequacy discussion .

The quest for alignment

Even with the UK leaving the EU , data transfers between the two are such an integral part of so many UK businesses that the free flow of personal data should be maintained .

Back in 2018 , in preparation for the end of the transition period on December 31 , 2020 , the UK government enacted a new data protection act called the DPA 2018 . This act was designed to sit alongside and supplement something called the ‘ UK GDPR ’, ostensibly a copy / paste of the European version . The theory was that copying the EU GDPR ( initially , at least ) would harmonise the data privacy rules between the UK and the EU and make the path to ‘ adequacy ’ somewhat more straightforward .

This wasn ’ t a given though , as a ‘ data adequacy ’ ruling requires the seal of approval from the European Commission first . Unfortunately , it ’ s not enough for a country to just mimic the data privacy rules of the EU , it needs to demonstrate that it is enforcing them properly and that there aren ’ t any other laws that contradict the GDPR . It ’ s a legal and bureaucratic minefield .

The risks of divergence

While a data adequacy agreement has been reached to ensure the continued free flow of data between the UK and the EU , the deal could prove temporary should the UK choose to veer too far from the principles of GDPR in its ambition to become a global leader in the tech space .

www . intelligentcio . com INTELLIGENTCIO EUROPE 75