Earlier this year we wrote 'A plain English guide to UK / EU data transfers in 2021' which outlined the UK’s position regarding the free flow of data between itself and the EU. While the EU’s previous record for the quickest granting of an adequacy agreement was 18 months (with Argentina), we predicted in the case of the UK, “the probability of an adequacy decision being made before the 30th June is pretty high.” And we’re a lot closer to knowing whether we were right or not.
One step closer
Our prediction came one step closer on the 19th February 2021, when the European Commission kick-started the process towards full ‘data adequacy’ by confirming the UK met the equivalent level of protection to the EU GDPR and the Law Enforcement Directive. The responsibility for reviewing the Commissions decision now lies with the European Data Protection Board, which itself will give an opinion and make any final adjustments before passing the final decision is to the European Council.
That may seem like a lot of hoops still to jump through, but by European Union standards, this data adequacy process is being pushed through at lightning speed.
What does this mean long term?
For continued access the Commission did make a few noteworthy stipulations – specifically they want to ensure the UK "remains a member of the European privacy family" by continuing to adhere to both:
1. Convention 108 of the Council of Europe (a binding multilateral instrument on data protection)
2. The European Convention on Human Rights
In other words, if the UK significantly changes its laws on either of the above (so that it deviates significantly from the EU’s versions) then the EU can still pull the plug on the adequacy agreement in the future. This is extremely unlikely though, which means the path towards a formal data adequacy should be relatively clear.
Long term we should see the UK Government hesitate before amending the above laws and the data adequacy agreement is just a matter of time. This is great news for all businesses that use UK based data centres and cloud solutions and/or use EU data storage, not to mention the UK economy.
What do you need to do?
While this is all very good news and UK businesses can relax since there probably won’t be any significant data protection changes coming any time soon, it’s important not to get complacent with your data storage policy.
- If you need to review your data storage to check where and how your data is stored, you should still do this to ensure you are compliant with data protection laws.
- Bear in mind for the future that if the UK Government starts to review Convention 108 of the Council of Europe or The European Convention on Human Rights this could lead to the removal of the UK’s adequacy agreement down the line, so you should get prepared.
And if this whole situation has created too much uncertainty for you, you still have the option of adopting a 100% UK-based data storage policy to completely side-step these issues. We at 4D host our managed infrastructure services within our UK data centres, and are ready to deliver any of your colocation, cloud, or connectivity requirements, so get in touch if you want to talk to one of our experts and learn more.