Following Brexit, the UK now has the ability to adopt its own decisions in relation to adequacy for personal data transfers. Today, the government has set out the first territories which it will prioritise for its data transfer adequacy decisions. These territories will include the United States, Australia, the Republic of Korea, Singapore, the Dubai International Finance Centre and Colombia. The government has also confirmed that it will prioritise future adequacy decisions with India, Brazil, Kenya and Indonesia. The government has stated that the adequacy decisions will aim to “build significantly on the £80 billion of data-enabled service exports to these 10 destinations from the UK every year”.
In addition, materials and details of the processes used to carry out assessments and make adequacy decisions have been published. These include;
- “International data transfers: building trust, delivering growth and firing up innovation” guidance, which sets out the government’s data policy and provides information on the legislative provisions for adequacy decisions.
- The Manual Template and The Manual Guidance which provide a framework with the aim of informing the technical and systematic assessment of data protection standards in other countries.
The government also plans to consult on the future of the country’s data regime, which “will focus on growth and innovation, while still being underpinned by secure and trustworthy privacy standards”.
These announcement follows the European Commission’s adoption of an adequacy decision for the UK earlier this year, and provides some clarity from the UK Government on their vision for a post-Brexit data protection regulatory landscape. However, it remains to be seen how the UK’s independent policies in data protection may impact upon the UK’s own adequacy decision, with the European Commission making it clear that it will closely monitor any divergence in UK data protection laws and policies from those in the EU, particularly in relation to onward transfers of personal data and UK decisions on third country adequacy.
In addition, the government has today named New Zealand Privacy Commissioner, John Edwards, as its preferred candidate to be the UK’s next Information Commissioner. John Edwards would succeed the current Commissioner Elizabeth Denham.
To help navigate the post-Brexit regulatory position, download our updated GDPR app. The app now includes both EU and UK versions of the GDPR. For more information, visit our GDPR App webpage.