Importance of protecting your data
If your organisation receives and transfers personal data to/from organisations abroad, including the European Economic Area (EEA), which includes the EU, or operates in the EEA, please see the updates below.
Receiving personal data from the EU/EEA and third countries which have EU adequacy decisions
The EU has now formally adopted ‘adequacy decisions’ for the UK. These allow for the ongoing free flow of personal data from the EU/EEA to the UK.
All 12 of the third countries deemed adequate by the EU are maintaining unrestricted personal data flows with the UK.
The European Commission has so far recognised the following as providing adequate protection:
- Canada (commercial organisations)
- Faroe Islands
- Isle of Man
- New Zealand
Personal data flows from the UK
There are no changes to the way you send personal data to the EU/EEA, Gibraltar and other countries deemed adequate by the EU.
For international data transfers from the UK to other jurisdictions, further information can be found on the ICO website.
Data protection and GDPR
The UK’s data protection regime is set out in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The Information Commissioner is the UK’s independent supervisory authority on data protection.