Published 3 December 2020.
Updated 15 January 2021
This information has been developed as part of the Care Provider Alliance guidance to adult social care providers on business continuity, including the end of the transition period.
On 31 December 2020, the UK government and the EU reached a Trade and Cooperation Agreement. The Agreement contains a bridging mechanism that allows the continued free flow of personal data from the EU/EEA to the UK after the transition period until adequacy decisions come into effect, for up to six months (i.e to end of June 2021). In practice, the Government does not envisage the bridging arrangements to be in place for more than four months.
EU adequacy decisions for the UK would allow for the ongoing free flow of data from the EEA to the UK.
As a sensible precaution, during the bridging mechanism, it is recommended that organisations work with EU/EEA organisations who transfer personal data to them to put in place alternative transfer mechanisms to safeguard against any interruption to the free flow of EU to UK personal data.
Data adequacy is a status granted by the European Commission to countries outside the European Economic Area (EEA) who provide a level of personal data protection comparable to that provided in European law. When a country has been awarded the status, information can pass freely between it and the EEA without further safeguards being required.
If the European Commission grants an adequacy decision, then no action will need to be taken by social care providers. However, this briefing will help you with contingency planning and with what to do if an adequacy decision is not reached after the six month bridging period (to end of June 2021).
This briefing is relevant to all adult social care providers in England.
If you have any questions or need support on the issue raised here, please contact [email protected].
There are three key actions that all adult social care providers should take to prepare for the possibility that a data adequacy agreement is not reached by the end of the bridging period (June 2021).
If you are already compliant with the EU GDPR, you are unlikely to need to do more at this stage. This is a good time to review your GDPR work to make sure that you are still compliant. There is guidance on how to make sure you are compliant with GDPR on the Digital Social Care website.
You need to understand if you transfer, e.g. send or receive, any personal data/information to or from the EU or EEA. We think it is unlikely that many care providers will be doing this routinely.
If you send data to the EU/EEA, the UK government has stated that this can continue post-transition. No new action needs to be taken.
If you receive data from the EU/EEA you will need to work with the individual or organisation in the EU/EEA to make sure that this can continue legally.
If you have services in the EU/EEA you should appoint a representative based in that country to act as your local point of contact with individuals and data protection authorities. This person cannot be your Data Protection Officer (DPO) or one of your processors.
If you have public liability or cyber insurance, you may wish to check to see if you are covered if you have a data breach caused by the lack of adequacy decision at the end of the transition period.
Some social care staff and those receiving care and support services are citizens of the EU/EEA. We have spoken to the Department of Health and Social Care about processing of their data and are waiting for their response.
The Information Commissioner’s Office held a webinar on 3 December 2020. You can watch the recording below:
If you have any questions or need support on this issue, please contact [email protected].
Sign up for Digital Social Care’s e-newsletter to get regular updates on this, and related data and digital issues for the care sector. Sign up online.
The CPA and Digital Social Care assume no responsibility or liability for any errors or omissions in the publication of this communication. The information contained in this update is provided on an “as is” basis with no guarantees of completeness, accuracy, usefulness or timeliness.
To help us improve this website, we’d like to know more about your visit today.
Please leave any feedback below :