As of 1 January 2021, the Brexit transition period (Transition Period) ended, and the United Kingdom (UK) officially finalized its exit from the European Union (EU) and the 11th-hour commercial agreement (Agreement) should allow for a smoother transition on the data protection front as the General Data Protection Regulation (GDPR) stops being directly applicable to the UK. It also provided the UK with a six-month grace period to hope for an adequacy decision that would allow for the free transfer of personal data from the EU to the UK.
As the European Data Protection Board (EDPB) amended on 13 January 2021 its Brexit communications² further to the Agreement (Communications), it only addresses:
- The issue of data transfers from the EU to the UK;
- The end of the One-Stop-Shop (OSS) mechanism for the UK; and
- The need for UK entities that would be subject to GDPR to appoint a representative further to Art. 27 GDPR.
However, aside from enacting the end of the OSS and commenting that “the EDPB has been liaising with the ICO [Information Commissioner’s Office, the UK’s Supervisory Authority] over the past months in order to enable a smooth shift to this new situation by ensuring that the EEA authorities follow a shared and efficient approach in handling the existing complaints and cross-border cases involving the ICO, whilst minimizing delays and possible inconveniences to affected complainants[,]” the EDPB did not comment on how such collaboration will effectively play out for companies whose lead Supervisory Authority was the ICO.
Read the full article on Radar First blog.