European Union member states have agreed that British standards for the protection of personal data are sufficiently high that such information can continue to flow between the EU and its former member, the European Commission said on Thursday.
Their backing will allow the Commission to adopt two adequacy decisions before the end of June to allow a seamless transition at the end of a six-month grace period during which flows were allowed after Britain’s final exit from the bloc.
The decisions relate to the EU’s overarching General Data Protection Regulation (GDPR) and to a directive on the processing of personal data connected with criminal offences, particularly for victims, witnesses and suspects.
Global software alliance BSA said it welcomed the EU member states’ endorsement, commenting that adequacy frameworks were pivotal for personal data transfers of thousands of businesses operating in Europe.
The EU has previously recognised as adequate the data standards of other countries, such as Argentina, Canada, Israel, Japan, New Zealand and Switzerland.
Georgina Kon, technology specialist partner at law firm Linklaters, said businesses could breathe a sigh of relief.
“However, due to the uniqueness of the UK decision (which has no end-date but is subject to constant review), we know that the European Commission will be watching the UK closely,” she said, adding it would particularly watch Britain’s planned liberalisation of its data transfer regime.