The United Kingdom withdrew from the European Union on 31 January 2020. On the basis of the Withdrawal Agreement that has been ratified by both the European Union and the United Kingdom, a transitional period during which EU law continued to apply in the United Kingdom ended on 31 December 2020.  

As of 1 January 2021, transfers of personal data to the United Kingdom are governed by the EU-UK Trade and Cooperation Agreement (TCA), agreed by EU and UK negotiators on 24 December 2020 and provisionally applicable since the first day of the year. The Trade and Cooperation Agreement provides for an interim regime (so-called ‘bridging clause’, enshrined in Article FINPROV.10A of the TCA) that ensures the full continuity of data flows between the EEA and the UK, with no need for companies and public authorities to put in place any transfer tool under the GDPR or the LED. This solution is applicable for a period of maximum six months, and is conditional on the commitment by the UK not to change the data protection regime currently in place. In essence, this means that the UK must continue to apply the data protection rules, based on EU law, that were applicable during the transition period.

On 28 June 2021, the Commission adopted two adequacy decisions for transfers of personal data to the United Kingdom, under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED) respectively. 

DownloadPDF - 1 MB
DownloadPDF - 798.7 KB

Notices and information to stakeholders in the field of data protection

DownloadPDF - 152.4 KB
DownloadPDF - 235.3 KB

Statement and Information from the UK Data Protection Authority - 29 January 2020

Information note on BCRs for companies which have ICO as BCR Lead Supervisory Authority - 12 February 2019