The UK’s data protection practices are “adequate” for EU standards, according to a new ruling from the European Union.
As reported by the Guardian, this means UK businesses will be able to continue operating as usual, exchanging data with EU-based partners as they did before Brexit.
However, there is an expiry date on the ruling. The European Commission will perform another audit in four years, to establish whether the UK has remained in line with EU regulation. The European Commission also said it could change its opinion at any time, should the UK attempt to diverge from GDPR.
“The UK has left the EU but today its legal regime of protecting personal data is as it was. Because of this, we are adopting these adequacy decisions today,” said European Commission (EC) VP Věra Jourová.
She further stated that the EC “listened very carefully” to the European Parliament when assessing UK’s data practices, “in particular on the possibility of future divergence from our standards in the UK’s privacy framework”.
Three years ago, the bloc started enforcing the General Data Protection Regulation (GDPR), a set of rules governing how organizations gather, store and share data on EU-based customers. The UK government has said it will conform with most key EU data protection legislation going forward.