Our global pages
Close- Global home
- About us
- Global services/practices
- Industries/sectors
- Our people
- Events/webinars
- News and articles
- Eversheds Sutherland (International) Press Hub
- Eversheds Sutherland (US) Press Hub
- News and articles: choose a location
- Careers
- Careers with Eversheds Sutherland
- Careers: choose a location
EU-UK data transfers post Brexit – Update
- Ireland
- Privacy, data protection and cybersecurity
11-01-2021
EU to UK Data Transfers
The United Kingdom left the EU at 11pm on 31 December 2020 and as of then, for the most part, the United Kingdom is now considered as a ‘third country’ under European Union rules.
However, the UK-EU Trade and Cooperation Agreement agreed on 24 December 2020 (the “Withdrawal Agreement”) grants a reprieve in respect of data transfers between the EU and the United Kingdom.
The Withdrawal Agreement provides that personal data can flow freely to the UK (without the need for additional measures) for (i) a period of four months (which can be extended for a further two months if neither party objects), or (ii) on the date the UK is provided with an Adequacy Decision (under Article 45 of the GDPR), whichever is the earlier (the “Grace Period”).
What this means in practice, for the duration of the Grace Period, is that if an EU based company transfers personal data to the UK, it can continue to do so without having to do anything further.
Following the expiration of the Grace Period, and if an Adequacy Decision is not approved by the European Commission, the UK will be considered as a ‘third country’ for the purposes of the GDPR. This means that personal data transfers from the EU to the UK will be considered "restricted transfers" unless EU data exporters take further measures to ensure adequacy for personal data. Such measures include entering into EU standard contractual clauses (“SCCs”) or implementing binding corporate rules (“BCRs”), or relying on derogations under the GDPR.
UK to EU Data Transfers
The UK government has already determined that it considers all EU 27 and EEA Member States to be adequate for the purposes of data protection, ensuring that data flows from the UK to the EU/EEA remain unaffected for the moment.
Our data protection team will keep you updated in relation to any developments in this area.
For further information on this topic please contact:
Marie McGinley, Partner and Head of IP, Technology & DP - mariemcginley@eversheds-sutherland.ie
Emma Quinn, Solicitor in IP, Technology & DP – emmaquinn@eversheds-sutherland.ie
Tom Murray, Solicitor in IP, Technology & DP – tommurray@eversheds-sutherland.ie
- High Court grants release from collateral undertaking relating to the use of documents under a Worldwide Freezing Order
- COVID-19 vaccine fraud on the increase
- Missing pieces: the jigsaw of development sites
- Unauthorised payment fraud – Commercial Court supports recovery efforts
- Personal Injury Claims Bulletin: March 2021 Edition