The transfer of personal data to the UK will be easier as the UK is approved by the European Commission as a “safe third country”.
Third-country transfers
“Third country” means the transfer of personal data outside the EU and EEA, and third country transfers are also referred to as international transfers. In connection with the UK’s withdrawal from the EU, the GDPR’s rules on international transfers have become relevant when transferring personal data to the UK. Processing of personal data requires a legal basis, also known as a legal basis, regardless of whether it is an international transfer or a national processing of personal data. In the case of third-country transfers, there must either be an adequacy decision from the EU Commission, a transfer basis applicable to the “unsafe third countries” or that the transfer falls under the exception in the GDPR, where there is no requirement for a transfer basis.
Transfer of personal data to the UK
The European Commission has approved the UK as a “safe third country”, which means that the transfer of personal data to the UK will be easier, as companies can now freely transfer personal data there without having to obtain specific approval. Such approval is also called an adequacy decision, which means that the European Commission assesses that the country in question has an adequate level of protection for the processing of personal data. At present, the European Commission has approved 11 countries outside the EU.
What do you as a company need to be aware of?
As a company, it is important to be aware that not all international transfers of personal data are approved by the European Commission. Countries that are not approved by the EU Commission are referred to as “unsafe third countries”. Specifically, this means that the rules differ depending on which country personal data is transferred to and what circumstances apply. At Raadgiver.dk, we recommend that you clarify at least the following:
- Which third country is the personal data transferred to?
- Which transfer basis can be used?
- Are the disclosure obligations fulfilled?
- Is there an adequate level of security?
You can also read more about GDPR here.
Contact a specialist
If you need clarification in relation to a specific case, have general questions or something else entirely, contact us, we are ready to help.