To ask the Secretary of State for Digital, Culture, Media and Sport, what assessment he has made of the potential effect on British (a) businesses and (b) citizens of the UK not receiving EU data adequacy recognition by the end of the transition period; and what contingency plans he has in place from 1 January 2021 in the event that the UK has not received EU data adequacy recognition.
14 December 2020
If at the end of the transition period the UK has not received fully ratified data adequacy decisions, and if the appropriate protections are not put in place, EU organisations sending data to the UK could be operating unlawfully and face regulatory action. This could mean organisations cease to send personal data to the UK.
To avoid this, businesses and other organisations should put in place alternative legal mechanisms to continue the transfer of personal data. Standard Contractual Clauses (SCCs) are the most common legal safeguard and will be the relevant mitigation for most organisations. The Government has issued guidance on GOV.UK and the ICO’s websites and is engaging directly with organisations on the need to prepare.