This mechanism remains valid for British companies that send data to the US under the Privacy Shield agreement (and US organizations that receive DATA from the UK under Privacy Shield), but the text of the data protection shield privacy policy needs to be updated. Under the agreement, a transitional period is in effect until 31 December 2020, during which current EU rules will continue to be applied by the UK and can begin negotiations on the way forward (the option to extend the transition period has been removed from the most recent version). During this transitional period, the UK government and the EU will ideally negotiate a data protection agreement that meets the needs of both parties, whether it is an adequacy decision, a data protection shield agreement or another agreement allowing the free flow of data between the UK and the EU. The UK and EU said they are „committed to ensuring a high level of protection of personal data to facilitate such flows between them“ and hope to have agreements reached by the end of the transition period. As far as Brexit is concerned, this means that the UK could use SSCs if a data transfer agreement is not formalised as part of a negotiated exit. If a negotiated exit does not contain a provision for data transfers or if a non-agreement scenario is achieved, the UK must wait an indeterminate period before reaching an adequacy agreement, creating an even greater need for mechanisms such as SCCs. After this transition period, if no agreement, agreement or trade agreement is reached between the UK and the EU, the UK will leave the country in a non-agreement scenario and become a `third country`. As the CSO has already pointed out, UK organisations and organisations that carry out UK activities that receive personal data from the EU must, in such a scenario, ensure that they have additional legal controls, such as standard contractual clauses or binding business rules, to ensure compliance with the RGPD. The RGPD and EU fines continue to be imposed on third countries when dealing with personal data of EU citizens. The development of the 2018 CCA was an important part of this commitment. As soon as the UK leaves the EU, it is granted `third country` status, a classification that requires countries to maintain strong data legislation offering protection equivalent to that of the EU. This Sovin, called the Adequacy Agreement, aims to ensure that data belonging to people within the EU is protected when it is transferred to a country outside their jurisdiction. If a adequacy decision is not adopted, another option could be a data protection shield agreement currently in place between the UK and the US.

After years of turmoil, the UK finally seems to have an agreement defining how it will leave the European Union (EU). Prime Minister Boris Johnson`s withdrawal deal shares many similarities to the withdrawal agreement put forward by his predecessor Theresa May, particularly with regard to data protection requirements. A negotiated agreement is now seen as the only way to ensure that the UK is able to obtain EU authorisation for the transfer of data to the UK, although there is no guarantee that an agreement will contain this provision. However, the United Kingdom has now voted in favour of leaving the European Union and is therefore no longer subject to EU legislation introduced after that withdrawal date.

Categories: Allgemein