Data Protection

Data protection and commercial transfers of personal data are regulated at the European Union level and there is a range of measures that enable such transfers to and from third countries.

At the end of the Transition Period on 31 December 2020, the UK became a third country. Typically this would mean that transfers of personal data to the UK could continue but they must comply with the rules and safeguards for transferring such data to non-EU countries as outlined in Chapter V of the EU General Data Protection Regulation (GDPR) or in the Law Enforcement Directive (LED).

However, the EU-UK Trade and Cooperation Agreement includes a bridging mechanism, subject to certain conditions, such that for a specified period (six months or the adoption of adequacy decisions, whichever is earlier) transmission of personal data from the EU to the UK is not regarded as a transfer to a third country.

See the Data Protection Commission’s latest Brexit Guidance note for information here.

See the European Data Protection Board FAQs on the Schrems II judgement here.

Click Brexit and Business to return to the Brexit and Business page.