UK data protection adequacy decision approved by EU Commission

On 28 June 2021, the European Commission formally adopted an ‘adequacy decision’ that permits the continued free flow of personal data from EEA countries to the UK under the EU General Data Protection Regulation (EU GDPR). This is pleasing news and no doubt a relief to many HR practitioners with international employees across both the UK and EEA.

HR Optimisation summarises what this means for UK employers:

Legal Context

The EU GDPR regulations restricts international transfers of personal data outside the EEA on the basis that other countries may not offer a sufficient level of data protection. Restricted transfers are only permitted if the country or territory to which the data is transferred has received an ‘adequacy decision’ from the EU Commission, additional safeguards such as standard contractual clauses or binding corporate rules are put in place, or an exception applies.

Restrictions on international transfers have the potential to interrupt data flows and be disruptive to business. For example, employers that are part of a multinational corporate group with companies in the UK and across the EEA, operating a centralised HR portal, are constantly sending and receiving personal data across borders.

Brexit and the Trade and Cooperation Agreement

Subsequent to the post-Brexit transition period ending on 1 January 2021, the UK has been a third country for the purposes of transfers of personal data from the EEA to the UK. The UK-EU Trade and Cooperation Agreement provided a bridging mechanism that allowed the continued free flow of personal data from the EEA to the UK after the transition period for up to 6 months, i.e. up to 30 June 2021, while the EU Commission considered whether to grant the UK an adequacy decision.

Affirmative for Adequacy Decision

Thankfully common sense prevailed and on 28 June 2021 and adequacy decision was granted by the EU Commission for an initial 4 year period. Accordingly, it remains possible for personal data to be transferred from the EEA to the UK without additional safeguards.

What of transferring personal data from the UK to the EEA?

The substance of the EU GDPR has been incorporated into UK domestic law and continues to apply, albeit with certain changes to take account of Brexit. This is referred to as the ‘UK GDPR’ and is supplemented by the Data Protection Act 2018 (DPA 2018).

In much the same way as the EU GDPR restricts transfers of personal data outside the EEA, the UK GDPR restricts transfers of personal data outside the UK. However, in the lead up to the end of the post-Brexit transition period, the UK Government recognised EEA member states as providing adequate protection for personal data, in order to ensure the continued free flow of personal data from the UK to the EEA without the need for additional safeguards.

Action: Data protection documentation such as employee and customer privacy notices should, however, identify that personal data is being transferred on this basis (from UK to EEA and vice versa) where this applies to your business.

Privacy policy

This privacy policy sets out how HR Optimisation Ltd uses and protects any information that you choose to provide when you use this website. HR Optimisation Ltd is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy policy. HR Optimisation Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from: 25th May 2018. If you have any queries in relation to how we use your personal information, please contact hello@hroptimisation.co.uk

What we collect

No personal information has to be given in order to navigate around the HR Optimisation website. However, any information which you choose to provide via the website will be added to our marketing database and used by us for administration of our contact and client information and for marketing our services and events to those whom we believe will have an interest in these. On occasion it is possible that these messages will contain input from other companies or organisations with whom HR Optimisation Ltd is working, however HR Optimisation will never share your personal information with third parties without express permission. HR Optimisation Ltd may also store and use personal information which you have provided on the website or during email communications with us, during relationship management activities, provision of services and commercial administration. In all our dealings we abide by the principles of the Data Protection Act 2018 and General Data Protection Regulation 2018.

What we do with the information we gather

We require this information to understand your needs and provide you with our services, and in particular for the following reasons:

Internal record keeping e.g. administration of our services and for accounts processing

We may use the information to improve our products and services

Where you have supplied your details specifically in relation to our recruitment services, to provide information to prospective employers. In this regard you expressly agree that your personal details may be submitted to client contacts as appropriate in order to offer our services

We may periodically send promotional emails and newsletters about our services, special offers or other information which we think you may find interesting using the email address which you have provided.

From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.

Law Enforcement

HR Optimisation Ltd may be obliged to provide personal information to law enforcement officials during the investigation of any alleged unlawful activities and we shall have no legal liability for disclosures of this kind.

Security

We are committed to ensuring that your information is held securely. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. All information supplied to HR Optimisation online or via any other means is stored securely and HR Optimisation will take all reasonable steps to ensure that no unauthorised third parties may gain access to this database/documentation.

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at:

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide. Our website only uses cookies for anonymous page tracking, allowing us to improve your experience of our website. No personal data is collected.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

When you request information from us, or send an email enquiry, you will be given the opportunity to unsubscribe at any time, and cease receiving any further emails, by clicking on the unsubscribe link at the bottom of our emails. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. You may request details of personal information which we hold about you in line with the Data Protection Act 2018. A small fee will be payable. If you would like a copy of the information held on you please write to: hello@HROptimisation.co.uk If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect. However, if you feel that any issue raised has not been adequately addressed, you can contact the Information Commissioner’s Office at www.ico.org.uk.

Tags In

Categories

Latest Projects