The European Commission issued a letter earlier this week confirming that the UK is complying with data protection requirements. This means that the transfer of data from EU countries to Great Britain is secure and does not require additional permits.
After the withdrawal of Great Britain from the European Union at the beginning of 2020, a problem arose regarding ensuring the security of data transmitted by European countries to the islands. Therefore, the necessary work has been undertaken to regulate this issue, for which the European Commission has requested Regulation (EU) 2016/679 of the European Parliament and Council (GDPR).
Before issuing the decision, the European Commission conducted a comprehensive analysis of the legal system of Great Britain, ensuring the protection of data transmitted to this country as well as in the countries of the European Union.
When drafting the document, the European Commission exercised the authority specified in Art. 45 seconds. 3 General Data Protection Regulation (GDPR), under which you may adopt, by way of an implementing law, a resolution that a third country, territory, or specific sector or sectors of that third country or international organization ensure an adequate level of protection.
It was necessary to adopt such a decision because the so-called specific period, previously negotiated by the EU and the UK, during which the transfer of personal data from the EU to the UK was not considered as a transfer to a third country.
Interestingly, the decision includes a seldom used legal mechanism known as the “time-out clause”. This means that it has been adopted for a specific period and will expire on June 27, 2025. It is possible that the period of its application will be extended. This solution is to enable the European Commission to monitor on an ongoing basis the actual and legal framework on which the adequacy decision depends.