The European Union has officially classified UK data protection practices as “adequate” under GDPR, permitting the free flow of data between the pair after the temporary post-Brexit arrangement comes to an end this week.
However, the new agreement will expire in four years’ time, after which it will need to be renegotiated. This sunset clause acts as insurance for Brussels, which has warned it will rescind the ruling should the UK diverge from GDPR in years to come.
“The UK has left the EU but today its legal regime of protecting personal data is as it was. Because of this, we are adopting these adequacy decisions today,” said Věra Jourová, VP for Values and Transparency at the European Commission (EC).
“[However], we have significant safeguards and if anything changes on the UK side, we will intervene,” she added.
GDPR post-Brexit
The EU decision will be met with relief by businesses on both sides of the equation, who could have faced a host of challenges if an agreement was not reached.
If the EU ruling had not been favorable, UK businesses would have had to make costly arrangements with European partners to ensure data could still be passed to and fro, and the exchange of data would likely have slowed to a crawl for a period, impeding collaboration and innovation.
“After months of careful assessments, today we can give EU citizens certainty that their personal data will be protected when it is transferred to the UK,” explained Didier Reynders, EC Commissioner for Justice.
“This is an essential component of our new relationship with the UK. It is important for smooth trade and the effective fight against crime.”
Oliver Dowden, the UK Culture Secretary, also expressed his delight with the outcome of negotiations, citing similar benefits.
However, pro-Brexit commentators are less enamored with the arrangement. The British government enshrined GDPR into UK law in an effort to secure the adequacy ruling, but some have suggested the country has wasted an opportunity to gain a competitive business advantage by cutting away GDPR red tape.
“The fact is that GDPR doesn’t work in Europe, it doesn’t work here,” asserted Iain Duncan Smith, Conservative MP.
“If the EU doesn’t watch out it’s going to get left behind as the rest of the world has a more flexible form of regulation over data, while the EU becomes almost impossible to do business with.”
Via The Telegraph