Following several months of assessment, the European Commission has adopted two adequacy decisions for transfers of personal data to the UK, under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive. This decision will allow personal data to flow from Europe to the UK safely. The Commission said that the data would benefit “from an essentially equivalent level of protection” to that guaranteed under EU law.

The decision, which includes a sunset clause, will be reviewed after four years. This means that any extension beyond four years requires a review of the UK’s data protection system.

The Trade and Cooperation Agreement reached between the two sides did not cover in detail the issue of data protection; rather it included a commitment by both the UK and the EU to ensure high levels of data protection were maintained.