Until 1 July 2021, the transition period for transferring personal data to the UK has been extended under the current rules; It is the so-called bridging agreement regarding the country’s departure from the European Union, the Office for Personal Data Protection reported in a press release.
According to the Personal Data Protection Office, the so-called passage clause was included in the final provisions of the Trade and Cooperation Agreement between the European Union and the European Atomic Energy Community, on the one hand, and the United Kingdom of Great Britain and Northern Ireland, on the other hand, which would govern the future relationship between the European Union and the Kingdom. United.
Personal data protection bureau confirmed that according to art. FINPROV 10A of the Agreement, which establishes transitional provisions for the transfer of personal data to the United Kingdom, these transfers shall not be considered provisionally as transfers to a third country.
“Consequently, entrepreneurs or public entities will not be required to fulfill the additional requirements stipulated in the provisions of the General Data Protection Regulation (GDPR). This also applies to the additional requirements for international data transfers specified in the Law of 16 September 2011 on information exchange with enforcement authorities. Law in member states of the European Union, third parties, European Union agencies and international organizations “- the office wrote in a statement.
The Personal Data Protection Office indicates that the transitional period will end on July 1, 2021 at the latest, that is, six months after January 1, 2021. As noted, the agreement provides for a period of four months, but it will be automatically extended for another two months, unless one of the parties objects Agreement to it. The transition period may also end earlier, when the European Commission issues appropriate implementation decisions for the UK.
In the office letter, it was emphasized that the European Commission, in announcing the adoption of the suitability decision in relation to the United Kingdom, had declared its readiness to initiate formal action in this regard quickly. However, before such decisions are made, an assessment of the UK’s personal data protection law and its enforcement practices will be necessary in light of the jurisprudence of the European Union Court of Justice. Submission of data on the basis of a decision of the European Commission will be possible without additional conditions being met.
However, if the European Commission does not issue an adequate level of protection order during that period, the transfer of data to the UK after the end of the transition period requires in the first instance the application of the safeguards set out in the GDPR (such as standard contractual clauses or binding company rules) .
The free flow of data during the transition period will depend on the UK’s compliance with provisions on personal data protection based on EU law, namely the General Data Protection Act and Directive (EU) 2016/680, applied on December 31, 2020. The UK will not be able to exercise its jurisdiction over International data transfers during the transition period. The Information Commissioner’s Office (ICO) will no longer participate in the Single Window Mechanism.
From 1 January 2021, the OSS will no longer apply to the UK’s cross-border data processing and the Office of the Ombudsman will no longer share the information (ICO).
As the office stated in the press release, negotiations between the European Union and Great Britain on the agreement were concluded on December 24, that is, before the end of the current transitional period. On December 29, the Council of the European Union decided to sign the agreement and implement it provisionally. The agreement was officially signed by both parties on December 30. Its entry into force will be subject to the fulfillment of further procedural requirements, including approval by the European Parliament, which may be granted in early 2021. Therefore, the agreement is set to be implemented provisionally from January 1, 2021, which may not last until January 28. February 2021
The Personal Data Protection Office also announced that it will monitor the progress of ongoing work and update the information provided, if necessary.