The most likely scenario is that from mid-2021, the provisions of Article 45 of the GDPR will apply to the flow of personal data between the UK and EU countries. This means that the European Authority Commission will have to determine an adequate level of protection and thus allow data transfers without tax formalities.
The United Kingdom General Data Protection Regulation is modelled on its European counterpart and includes extensions on matters of national security, intelligence services and immigration. Therefore, there is no reason to question the claim that they provide an equivalent level of security for individuals' data as in EU countries.
The key issue is to identify the controller's relationship in relation to the flow of personal data. We distinguish two key relationships:
Companies processing data of EEA persons must appoint a data protection representative who will also be based in the EEA and will be the contact for those persons. Contact details for the representative should be included in the information clause.
The issue of data transfers by Administrators to the UK appears to be a more complex issue as it requires an update of information on transfers of personal data. The first step is to identify all processes in which the transfer occurs. This should be followed by an update of the legal basis for the register of categories of processing activities and changes to the information obligations by adding information on transfers to non-EU countries.
Personal data protection
Contact our expert