The United Kingdom had transposed the European Data Protection Regulation (RGPD) to its domestic regulation (Data Protection Act 2018), also having a complementary national data protection standard adapted to the RGPD, very similar to what was carried out by the rest of the community countries, both standards being applicable.
On January 31, 2020, the Brexit agreement whereby the United Kingdom leaves the European Union (EU) enters into application, in that agreement a transitional period of one year of application of all EU legislation in the United Kingdom is established, therefore, throughout the past year 2020, the data protection regulations were recognized as they had previously been applied.
Following this transitional year, on January 1 this year, the UK abandoned the single market and the EU customs union, as well as all its policies. As a result, it lost all the rights and benefits it had as a Member State of the EU and will not be able to benefit from the international agreements of the Union.
In order to limit disturbances as much as possible, a “Trade and Cooperation Agreement” (TCA) has been signed between the European Union and the United Kingdom.
With this scenario, the United Kingdom finds itself in the situation that the RGPD is no longer mandatory as it is for the rest of the countries of the Union, so it would be necessary for it to approve a data protection standard that encompasses both the scope of the Regulation and its additional rule.
The aforementioned ATT has a professional regime or rather a “bridging clause” that guarantees full continuity of data flows between the European Economic Area and the United Kingdom without the need for companies and public authorities to need to set up any other tool. transfer, but this solution is applicable exclusively for a maximum period of 6 months, which will end on June 30, 2021
Looking ahead, on February 19, the Commission started the procedure for the adoption of two decisions on the adequacy of transfers of personal data to the United Kingdom: The first to be able to carry out international data transfers, in accordance and with the guarantees that offers us the RGPD, and the second for data in the criminal and judicial field (in application of Directive 680/2016, which in Spain has not yet been transposed)
At this time, therefore, and until June 30, international data transfers can be made to the United Kingdom as if they were cross-border movements within the European Economic Area, pending approval of the adequacy decisions by European authorities to make future international transfers with the country viable.
María Galera, Equal Editorial Office.