Information Commissioner's Office
ICO statement in response to UK Government’s announcement on the extended period for personal data flows, that will allow time to complete the adequacy process
The Government has announced that the Treaty agreed with the EU will allow personal data to flow freely from the EU (and EEA) to the UK, until adequacy decisions have been adopted, for no more than six months.
This will enable businesses and public bodies across all sectors to continue to freely receive data from the EU (and EEA), including law enforcement agencies.
As a sensible precaution, before and during this period, the ICO recommends that businesses work with EU and EEA organisations who transfer personal data to them, to put in place alternative transfer mechanisms, to safeguard against any interruption to the free flow of EU to UK personal data.
As previously announced, the UK has, on a transitional basis, deemed the EU and EEA EFTA States to be adequate to allow for data flows from the UK.
Information Commissioner, Elizabeth Denham said:
“This is the best possible outcome for UK organisations processing personal data from the EU.
“This means that organisations can be confident in the free flow of personal data from 1 January, without having to make any changes to their data protection practices.
“We will be updating the ICO guidance on our website to reflect the extended provisions and ensure businesses know what happens next. At this stage it’s good news for businesses and public bodies.
Latest News from
Information Commissioner's Office
Former RAC employee fined for stealing data of victims of road traffic incidents02/02/2023 12:15:00
A former employee of breakdown services company RAC has plead guilty and been fined for the stealing of data of victims of road traffic accidents.
Using FRT in schools – letter to North Ayrshire Council31/01/2023 12:05:00
We have issued a letter to North Ayrshire Council (NAC) following their use of Facial Recognition Technology (FRT) to manage ‘cashless catering’ in school canteens.
Building better business by responsibly unlocking the value of personal information24/01/2023 12:20:00
Ahead of Data Protection Day, the Information Commissioner’s Office (ICO) is encouraging the UK’s 5,501,000* small-and-medium-sized businesses (SMEs) to check they have the right data protection practices in place to help sustain and develop their businesses.
Change to regulation concerning communication service providers20/01/2023 16:05:00
The Information Commissioner’s Office (ICO) has written to communication service providers (CSPs) about their obligations under Regulation 5A of the Privacy and Electronic Communications Regulations 2003 (PECR).
Empowering people to foster trust in tomorrow’s technological advancements20/01/2023 14:05:00
The ICO is encouraging developers to consider privacy at an early stage when implementing new technologies to maintain public trust and confidence.
Blog: Addressing concerns on the use of AI by local authorities19/01/2023 14:10:00
A blog by Stephen Bonner, Deputy Commissioner – Regulatory Supervision
Blog: Commissioner responds to misdirected criticism of journalism code21/12/2022 16:20:00
A blog by John Edwards, Information Commissioner
Five businesses fined a total of £435,000 for making nearly half a million unlawful marketing calls08/12/2022 13:05:00
The Information Commissioner’s Office (ICO) has fined five companies a total of £435,000 for making nearly half a million unlawful marketing calls to people registered with the Telephone Preference Service (TPS).
Providing certainty on how we enforce the laws we regulate08/12/2022 12:05:00
John Edwards, UK Information Commissioner, recently set out our strategic approach to regulatory action where he said: “Members of the public, and those affected by a breach or infringement, are entitled to know that we have held the business or organisation to account, and that they have changed their practices as a result.”