Skip to content
Guidance · EDPB ·note-on-data-transfers-under-the-gdpr-to-the-united-kingdom EN LLM context A cited markdown file you can paste into your AI assistant (ChatGPT, Claude, a RAG or project knowledge base) to ground it in this document. Contains: this document’s text, its sections with their topics, and the full text of every law provision it applies. Everything links back to its source on overview.legal — legal information, not advice.

Information note on data transfers under the GDPR to the United Kingdom after the transition period

Summary

Adopted 1 Information n ote on data transfers under the GDPR to the United Kingdom after the transition period Adopted on 15 December 2020 T he transition period for the United Kingdom’s withdrawal from the European Union will end on 31 December 2020 . This means that as of 1 January 2021, the UK will no longer apply the GDPR to the processing of personal data and a separate legal framework reg arding data protection will be in force in the UK . Consequently, as of 1 January 2021 , all…

How it connects

Full text

Adopted 1 Information n ote on data transfers under the GDPR to the United Kingdom after the transition period Adopted on 15 December 2020 T he transition period for the United Kingdom’s withdrawal from the European Union will end on 31 December 2020 . This means that as of 1 January 2021, the UK will no longer apply the GDPR to the processing of personal data and a separate legal framework reg arding data protection will be in force in the UK . Consequently, as of 1 January 2021 , all transfers of personal data between stakeholders subject to GDPR and UK entities will constitute a transfer of personal data to a third country and therefore will be subject to the provisions of Chapter V GDPR. In the absence of an adequacy decision applicable to the UK as per Article 45 GDPR, such transfer s will require appropriate safeguards (e.g., standard data protection clauses, binding corporate rules 1 , codes of conduct...), as well as enforceable dat a subject rights and effective legal remedies for data subjects, in accordance with Article 46 GDPR. Subject to specific conditions, it may still be possible to transfer personal data to the UK based on a derogation listed in Article 49 GDPR . H owever, Art icle 49 GDPR has an exceptional nature and the derogations it contains must be interpreted restrictively and mainly relate to processing activities that are occasional and non - repetitive 2 . Moreover, where personal data are transferred to the UK on the basi s of Article 46 GDPR safeguards, supplementary measures might be necessary to bring the level of protection of the data transferred up to the EU standard of essential equivalence , in accordance with the Recommendations 01/2020 on measures that supplement t ransfer tools to ensure compliance with the EU level of protection of personal data 3 . 1 S ee EDPB information note on BCRs for Groups of undertakings / enterprises which have ICO as BCR Lead SA , https://edpb.europa.eu/our - work - tools/our - documents/other/information - note - bcrs - groups - undertakings - enterprises - whic h - have_en 2 See Guidelines 02/2018 on derogations of Article 49 under Regulation 2016/679 , https://edpb.europa.eu/our - work - tools/our - documents/directrices/guidelines - 22018 - derogations - article - 49 - under - regulation_en 3 See Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of per sonal data , https://edpb.europa.eu/our - work - tools/public - consultations - art - 704/2020/recommendations - 012020 - measur es - supplement - transfer_en Adopted 2 C ontrollers and/or processors will also need to comply with other obligations deriving from the GDPR , in particular on the need to update the records of processing and pr ivacy notices to mention transfers to the UK . The EDPB recalls the guidance provided on this matter by supervisory authorities and by the European Commission (EC) . EEA organisations may turn, if necessary, to the national supervisory authorities competent to oversee the related processing activities . For data transfers from the UK to the EEA, the EDPB would suggest regularly consulting the UK Government’s website and the ICO’s website for up - to - date guidance. For the European Data Protection Board The Chair (Andrea Jelinek) _________________________

Similar Content