Bridging the GDPR Gap

Home » Blog » Bridging the GDPR Gap

January 28, 2021

Sally Eastwood Associate Partner

After 47 years, 31 December 2020 saw the UK finally depart the European Union single market. A new trade deal of course has been struck, which brings significant changes for businesses who trade with Europe, but many issues still need to be negotiated in the coming months; one of these being around data and how it is held and transferred between the UK and EU moving forward.

UK data protection law was previously governed by the GDPR, and has been since it was introduced in 2018. This ceases to have direct effect as of 1 January 2021, but as the UK is committing to maintaining an equivalent data protection standard, the UK-GDPR will apply going forwards. The Data Protection Act 2018 (DPA 2018) also remains in place with some technical amendments.

The UK-GDPR is essentially a duplicate of the GDPR, containing all of the same obligations and duties, but tailored specifically for the UK. Processing previously covered by the GDPR now falls under the UK-GDPR. For businesses operating solely in the UK, in practice there is little change to the core data protection principles, rights and obligations, but there are implications for the rules on transfers of personal data between the UK and the EEA.

Adequacy

The UK Government are currently seeking adequacy from the European Commission – a recognition that UK laws provide a level of data protection that matches the GDPR, and granting the country a special status of adequacy. A number of countries have already been granted adequacy, meaning that transfers of data can take place between the third country (a state that falls out of the GDPR zone) and the EEA as if the country were a member state, effectively.

As part of the trade deal, the EU has agreed to delay data transfer restrictions for at least four months, potentially extending to six (known as the bridge). This means that the UK isn’t considered as a third country as yet, and the personal information of EU citizens will continue to be sent freely to the UK, until an agreement on adequacy is reached.

Time to Act

If you receive personal data from the EEA, it’s recommended that you put alternative safeguards in place before the end of April, if you haven’t done so already. Whilst it is hoped that adequacy will be approved, it is not a done deal and businesses should be mindful of the fact that the GDPR will still apply to you if you offer goods or services to persons in the EEA in terms of how data is processed. It will also apply to organisations in Europe who send data to you, as they will need to comply with UK legislation, if the trade deal bridge ends without adequacy.

If you require further information relating to the data protection obligations of your business, please contact Farleys Solicitors on 0845 287 0939 or contact us by email.

Contact Us Today

We're here to help.
Call us on 0845 050 1958

Your name*
Your Email*
Your Phone Number*
Location
Service of Interest
How can we help?*
Newsletter Signup*
We regularly send out email newsletters on a range of topics. If you are interested in staying up to date and signing up to our mailing list please click yes. If you click yes, we will send you an email with a link to sign up to the newsletters of your choice. You can opt-out at any time.

Get in touch

Call us now on:

01254 606008

What Our Clients Say

We truly value and appreciate the feedback we receive from our clients, as we look to improve the services we offer on an ongoing basis

Adequacy

Time to Act

Contact Us Today

Farleys Mailing List

Related Services

Related Articles

GDPR Fines: Google Hit With a £44 Million Fine

Do E-Receipts Breach General Data Protection Regulations?

160% Rise in Data Protection Breach Complaints

Get in touch

What Our Clients Say