The European Union member states agree that British standards for personal data protection are conducive to the free flow of information between the EU and Brexit.
The EU General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a newly introduced data protection law. It is a strict security and privacy rule drafted and passed by the EU that regulates organizations that collect or target data related to the EU.
This regulation was imposed in 2018, on the 25th of May. Harsh fines are to be put on those who violate the security and privacy standards set forth by the GDPR. Europe uses the GDPR to signal its strong stance on data security and privacy due to the increased use of cloud services that can be breached.
Data sharing agreement
The European Union states have reached an agreement on UK standards being high enough to protect personal data, so information can continue to be exchanged between the EU and Brexit nations. Business associations welcomed this move following similar EU data “adequacy decisions” on Canada, Japan, Israel, Argentina, Switzerland, and New Zealand.
The EU uses Adequacy Decisions to determine if a country outside of the European Union has an adequate level of data protection and can be trusted with the data of local consumers. Here is how an adequacy decision takes place:
- The European Data Protection Board’s Opinion
- European Commission has to give a proposal
- The European Commission needs to adopt the decision
- The EU countries have to approve
The decision affects personal data flow between EU and third countries, as they will not need to safeguard the data further. Countries regarded to have adequate protection so far by the European Commission are Guernsey, Japan, Israel, Faroe Islands, Isle of Man, Uruguay, Switzerland, Jersey, New Zealand.