21.07.2021

Changes in data transfer outside the European Union

Mariusz Purgał
Barbara Miziołek

June 28, 2021. The European Commission has issued a decision regarding the transfer of personal data from the European Union to the UK. The need to regulate data transfers to the UK arose as a result of the UK’s departure from the EU (Brexit) and brings with it changes for all entities transferring data from Europe to the UK.

Under the provisions of the GDPR, the transfer of personal data outside the EU can only take place in a few cases. Among others, when the European Commission determines that a third country – as a data recipient – provides an adequate level of protection. Such a decision has been issued by the EC concerning the UK. Currently, the UK does not apply the provisions of GDPR. Until now, they have enabled the free flow of data between the countries of the European Economic Area and the UK.

The EEA consists of the twenty-seven EU member states plus Iceland, Liechtenstein, and Norway. While the transfer of data within them is subject to facilitation, this is not the case for countries outside the EU.

 

Recognition by the European Commission of a particular third country, in this case, the UK, as providing an adequate level of protection for personal data allows such data to be transferred from the EEA just as freely. And the entire process takes place without the need to obtain additional authorizations or implement additional safeguards under Chapter V of the GDPR. Such safeguards include standard contractual clauses, which are required if a third country does not provide an adequate level of protection as confirmed by an EC decision. In practice, this means that personal data will be able to be transferred to the UK without restrictions while respecting other provisions of the GDPR.

In the absence of an EC decision as to the third country, data transfer is based on standard contractual clauses as possible. As of 27 June 2021, new model clauses adapted to the requirements of GDPR became effective. Standard contractual clauses are a set of model (model) provisions of an agreement on the transfer of data between entities. We currently have four types of standard contractual clauses corresponding to different data transfer relationships:

  • between controllers,
  • from a controller to a processor in a third country,
  • between processors,
  • from processor to the controller in a third country.

Contracts concluded before the entry into force of the new model clauses based on the previous model may still form the basis for data transfers outside the EEA. However, provided that the processing operations that are the subject of the contract remain unchanged. The second requirement to be met is the use of appropriate safeguards.

Note, however, that the use of the above mechanisms does not exempt the transferor from the obligation to verify the recipient of the data! He must assess whether the entity receiving the data provides a guarantee of adequate – and above all secure – data processing.

The Foundation conducts legal publishing activities free of charge

Do you want to be up to date? Sign up for our newsletter

By subscribing to our newsletter, you consent to the sending of information by e-mail on important events in the field of law, legislative changes and the activities of the Law Firm.

read more

The administrator of your personal data is KWKR Konieczny Wierzbicki i Partnerzy S.K.A. with headquarters in Krakow, ul. Kącik 4, 30-549 Krakow. Your data will be processed for the purpose of sending our newsletter. You have the right to request access to your personal data, their copies, rectification, deletion or limitation of processing, as well as the right to object to the processing and to lodge a complaint with the supervisory authority. More details can be found in our Privacy Policy.

Contact

KWKR Konieczny Wierzbicki and Partners Law Firm
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Administratorem Twoich danych osobowych jest KWKR Konieczny Wierzbicki i Partnerzy S.K.A. z siedzibą w Krakowie, ul. Kącik 4, 30-549 Kraków.
Przetwarzamy Twoje dane wyłącznie w celu udzielenia odpowiedzi na wiadomość przesłaną przez formularz kontaktowy i dalszej komunikacji (co stanowi nasz prawnie uzasadniony interes) – przez czas nie dłuższy niż konieczny do udzielenia Ci odpowiedzi, a potem przez okres przedawnienia ewentualnych roszczeń. Masz prawo do żądania dostępu do swoich danych osobowych, ich kopii, sprostowania, usunięcia lub ograniczenia przetwarzania, a także prawo wniesienia sprzeciwu wobec przetwarzania oraz wniesienia skargi do organu nadzorczego. Więcej szczegółów znajdziesz w naszej Polityce Prywatności.
Warszawa

Rondo ONZ 1,

00-124 Warszawa

+48 12 3957161

kontakt@kwkr.pl

Chcesz być na bieżąco? Zapisz się do naszego newslettera

Zapisując się do naszego newslettera wyrażasz zgodę na przesyłanie drogą e-mail informacji na temat istotnych wydarzeń z dziedziny prawa, zmian legislacyjnych oraz działalności Kancelarii.

czytaj więcej

Administratorem Twoich danych osobowych jest KWKR Konieczny Wierzbicki i Partnerzy S.K.A. z siedzibą w Krakowie, ul. Kącik 4, 30-549 Kraków. Twoje dane będą przetwarzane w celu wysyłki naszego newslettera. Masz prawo do żądania dostępu do swoich danych osobowych, ich kopii, sprostowania, usunięcia lub ograniczenia przetwarzania, a także prawo wniesienia sprzeciwu wobec przetwarzania oraz wniesienia skargi do organu nadzorczego. Więcej szczegółów znajdziesz w naszej Polityce Prywatności.

 

Do you want to be up to date? Sign up for our newsletter

By subscribing to our newsletter, you consent to the sending of information by e-mail on important events in the field of law, legislative changes and the activities of the Law Firm.

read more

The administrator of your personal data is KWKR Konieczny Wierzbicki i Partnerzy S.K.A. with headquarters in Krakow, ul. Kącik 4, 30-549 Krakow. Your data will be processed for the purpose of sending our newsletter. You have the right to request access to your personal data, their copies, rectification, deletion or limitation of processing, as well as the right to object to the processing and to lodge a complaint with the supervisory authority. More details can be found in our Privacy Policy.