BRUSSELS (Reuters) – The European Union has agreed that British standards for the protection of personal data are sufficiently high to allow information to continue to flow between the bloc and its former member, the European Commission said on Monday.
The EU executive has taken two “adequacy” decisions that include safeguards such as an automatic expiry after four years, the first time the EU has used such a “sunset clause”.
Its decisions relate to the EU’s overarching General Data Protection Regulation (GDPR) and to a directive on the processing of personal data connected with criminal offences, particularly for victims, witnesses and suspects.
The decisions affect British businesses that rely on international data flows or that operate inside the EU and need access to customer data. They would also guarantee flow of data for police and prosecutors investigating cross-border crime.
The adequacy decisions will be renewed if British rules correspond with EU standards. The Commission could also intervene during the four-year period if Britain deviates from the current level of protection.
The decisions were required by June 30 to allow a seamless transition at the end of a six-month grace period during which flows were allowed after Britain’s final exit from the bloc.
EU member states backed the Commission’s proposals earlier this month.
The EU has previously recognized as adequate the data standards of other countries, such as Argentina, Canada, Israel, Japan, New Zealand and Switzerland.
(Reporting by Philip Blenkinsop; Editing by Alexander Smith)