top of page

Data Protection: GDPR and Post-Brexit

On 31 January 2020, UK officially withdrew from the European Union. Among the many terms in negotiation previously made in December 2020, transfer of personal data fell to the governance of UK-EU Trade and Cooperation Agreement (TCA) in a provisional capacity. In this article, Yan Incorporation reports the progress in data protection and the consequences for businesses.

Trade and Cooperation Agreement

Under the TCA, a specific bridging clause guarantees the flow of data between the EEA and UK. Nevertheless, as an interim regime of 6 months from the first day of 2021, a definite solution pertaining to the subject at hand is necessary. On top of that, the clause stands only in the event that no changes in data protection regime are committed by the UK.

Recent progress

Two adequacy decisions have been launched by the Commission on 19 February 2021, respectively under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). These drafts are the first steps towards adoption and therefore need to undergo an extensive process to be finalized.


Up to the present time, the European Commission is awaiting the opinion of the European Data Protection Board (EDPB). Consequently, a request for a green light from EU Member States’ representatives in a comitology procedure will be made. Upon confirmation, the European Commission will de facto be able to adopt these adequacy decisions.

GDPR: One law, Two versions

In the process of Brexit, the UK selected which European laws to preserve and GDPR was one among those. Denominated “UK GDPR”, along with the Data Protection Act 2018, the variant stipulates similar rights, obligations, rules and systems as the original.

Věra Jourová, Vice-President for Values and Transparency, said: “Ensuring free and safe flow of personal data is crucial for businesses and citizens on both sides of the Channel. The UK has left the EU, but not the European privacy family.”

Consequences for EU companies

Based on whether one company has UK offices, a GDPR representative may need to be appointed. Apart from that, no major changes are likely to occur.

Would you like to stay ahead of trends and developments?

Plan a consultation with us


14 views0 comments


Post: Blog2_Post
bottom of page