Latest response by British Government to question of 'adequacy' under GDPR
Ardi Kolah BA (Hons), LL.M, CIPP/E, CIPM, FIP
Previously Senior Global Privacy Specialist, Global DPO Office, Dentons and Global DPO, Cohen Veterans Bioscience (New York)
Question raised by Stephen Timms MP (Labour Party):
"The tech sector’s No. 1 Brexit concern is that, when we leave, it will become unlawful to send personal data from Europe to UK firms unless the European Commission has declared our data protection arrangements to be adequate. What steps are being taken to secure that declaration in time?"
Answer by Matthew Hancock MP, Minister of State, Department for Culture, Media and Sport (Digital Policy) :
"This is a very important point. It is vital to make sure that we have an unhindered flow of data between the UK and the EU, and indeed other trading partners around the world such as the US. We are implementing the General Data Protection Regulation (GDPR) in full, to make sure that we can have that unhindered flow of data."
This announcement follows on from a previous statement by Matthew Hancock MP, reported in this blog.
For information about the GDPR Transition Programme at Henley Business School, click here.
Group DPO & Head of Data Protection (UK & EU)
8 年In the absence of an adequacy decision in the short term, would contractually signing up to the "model clauses" not be an option?
There are 2 different issues here. Implementation of GDPR and adequacy finding for data transfers. A country can copy and paste EU privacy law but that doesn't mean it will be judged to have an equivalent level of protection to the EU. The UK Gov is committed to implement and enforce GDPR. However the Brexit eliminates the obligations of the UK as part of the EU fundamental rights charter as well as any limitations ECJ jurisprudence puts on the national security and public order exemptions. Consequently one of the possible scenario is that for the U.K. to be found adequate it will have to put in place an agreement similar to Privacy Shield self-restraining some of its intelligence activities. It all remains to be seen as part of the Art50 negotiation
Previously Senior Global Privacy Specialist, Global DPO Office, Dentons and Global DPO, Cohen Veterans Bioscience (New York)
8 年There's lots of negotiation ahead once Art.50 has been triggered but the European Commission hold the ICO in extremely high regard, so don't be surprised if the UK has a leading role in DP matters across the EU - including GDPR - through the transition period and beyond..
Independent policy advisor: online safety, technology & human rights. PhD, DipM. Published author & post-doctoral scholar. UK and EU. Former tech journalist. Experienced panelist & Chair. Media savvy.
8 年Exactly. The point is not whether we implement the GDPR, but whether the European Commission will give us an adequacy decision - i.e. it will accept that, as a third country (to the EU) we offer adequate safety for EU citizens data.