Big steps for safe international data transfers

FEDMA is very pleased that the EU institutions granted adequacy to the UK. FEDMA supported this decision so as not to block data transfers between the UK and the EU. UK DMA CEO, Chris Combemale, said: “A positive decision on data adequacy is a huge relief for thousands of businesses across the UK (…). “The UK DMA has been working with the UK Government and our DMA partners from across the EU since the Brexit deal negotiations began to impress the fundamental importance of this agreement. The UK can now progress new data legislation, such as the crucial National Data Strategy, knowing that a high-standards and innovation-focussed approach rests in harmony with the European perspective. We look forward to a strong relationship with Europe and the rest of the world in matters of data transfers and standards.”

The European Commission now published its draft adequacy decision for South Korea.

The EDPB adopted its final recommendations on supplementary measures to complete the Standard Contractual Clauses adopted by the European Commission to ensure lawful international data transfers. FEDMA participated in webinars and shared its conclusions with its members. Schrems II ruling recalls that you need an adequate level of protection before transferring personal data outside of the EU, otherwise you need additional guarantees. The ruling validates the SCCs as a tool to ensure an adequate level. The data exporter has the obligation, before the transfer, to assess if the law and practice in the third country are adequate. If the importer cannot ensure adequacy, then additional measures need to be put in place. If additional measures cannot be put into place, then the transfer cannot be done.

Several DPAs have published additional guidance or comments.