Global menu

Our global pages

Close

EU-UK data transfers post Brexit – Update

  • Ireland
  • Privacy, data protection and cybersecurity

11-01-2021

EU to UK Data Transfers

The United Kingdom left the EU at 11pm on 31 December 2020 and as of then, for the most part, the United Kingdom is now considered as a ‘third country’ under European Union rules.

However, the UK-EU Trade and Cooperation Agreement agreed on 24 December 2020 (the “Withdrawal Agreement”) grants a reprieve in respect of data transfers between the EU and the United Kingdom.

The Withdrawal Agreement provides that personal data can flow freely to the UK (without the need for additional measures) for (i) a period of four months (which can be extended for a further two months if neither party objects), or (ii) on the date the UK is provided with an Adequacy Decision (under Article 45 of the GDPR), whichever is the earlier (the “Grace Period”).

What this means in practice, for the duration of the Grace Period, is that if an EU based company transfers personal data to the UK, it can continue to do so without having to do anything further.

Following the expiration of the Grace Period, and if an Adequacy Decision is not approved by the European Commission, the UK will be considered as a ‘third country’ for the purposes of the GDPR. This means that personal data transfers from the EU to the UK will be considered "restricted transfers" unless EU data exporters take further measures to ensure adequacy for personal data. Such measures include entering into EU standard contractual clauses (“SCCs”) or implementing binding corporate rules (“BCRs”), or relying on derogations under the GDPR.

UK to EU Data Transfers

The UK government has already determined that it considers all EU 27 and EEA Member States to be adequate for the purposes of data protection, ensuring that data flows from the UK to the EU/EEA remain unaffected for the moment.

Our data protection team will keep you updated in relation to any developments in this area.

For further information on this topic please contact:

Marie McGinley, Partner and Head of IP, Technology & DP - mariemcginley@eversheds-sutherland.ie

Emma Quinn, Solicitor in IP, Technology & DP – emmaquinn@eversheds-sutherland.ie

Tom Murray, Solicitor in IP, Technology & DP – tommurray@eversheds-sutherland.ie 

Print Friendly and PDF

© Eversheds Sutherland 2021. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities.

Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.