Recently, the DCMS announced three important developments on the UK data protection front:
- The UK Government's approach to granting adequacy decisions in respect of third countries under UK GDPR, including a list of 'priority countries' that it will focus its assessment efforts on first.
- Details of a consultation on the UK's future data protection regime, to be launched in September.
- The identity of the preferred candidate for the role of Information Commissioner once the current incumbent, Elizabeth Denham, steps down in the autumn.
The Government's approach to granting adequacy decisions in respect of third countries
Data ‘adequacy’ is a status granted to countries which provide adequate standards of protection for personal data. An ‘adequacy’ determination means that personal data can be transferred from the UK to that country freely, in accordance with the terms of the relevant adequacy decision, without the need for organisations subject to UK GDPR to consider alternative transfer mechanisms.
As well as setting out details about how it will approach adequacy assessments (including a UK Adequacy Manual), the Government announced its top priority destinations for fast tracking adequacy decisions, including Australia, Colombia, the Dubai International Financial Centre, the Republic of Korea, Singapore, and the United States of America, and in the longer term: Brazil, India, Indonesia and Kenya.