End of Transition Period – keeping data safe

Background

This information has been developed as part of the Care Provider Alliance guidance to adult social care providers on business continuity, including the end of the transition period.  It was originally published in December 2020 and updated in January and June 2021.

On 31 December 2020, the UK government and the EU reached a Trade and Cooperation Agreement. The Agreement contained a bridging mechanism that allowed the continued free flow of personal data from the EU/EEA to the UK after the transition period until adequacy decisions came into effect, for up to six months (i.e to end of June 2021).

Data adequacy agreement reached – June 2021

On 28 June 2021 the EU officially adopted the ‘adequacy’ decisions allowing data to continue flowing freely to the UK.

Data adequacy is a status granted by the European Commission to countries outside the European Economic Area (EEA) who provide a level of personal data protection comparable to that provided in European law. When a country has been awarded the status, information can pass freely between it and the EEA without further safeguards being required.

Formal adoption of the decisions under the EU General Data Protection Regulation (GDPR) and Law Enforcement Directive (LED) allows personal data to flow freely from the EU and wider European Economic Area (EEA) to the UK. The decisions mean that UK businesses and organisations can continue to receive personal data from the EU and EEA without having to put additional arrangements in place with European counterparts.

The UK, which now operates a fully independent data policy, has already recognised the EU and EEA member states as ‘adequate’, as part of its commitment to establish a smooth transition for the UK’s departure from the bloc.

Actions to take

Care providers who may store or share information with the EU/EEA no longer need to take any additional actions to ensure the free flow of data.

You must, however, continue to follow data protection regulations and legislation. We strongly recommend that you carry out a self-assessment of your data protection and cyber security arrangements using the Data Security and Protection Toolkit on an annual basis.

You can access free support on data security, including help with completing the toolkit, from the Better Security, Better Care programme.

Additional reading

• Government announcement – EU adopts ‘adequacy’ decisions allowing data to continue flowing freely to the UK
• Information Commissioner’s Office – Data protection at the end of the transition period
• Government guidance – Using personal data in your business or other organisation
• Digital Social Care – Better Security, Better Care: support on data protection and cyber security

Ask for help

If you have any questions or need support on the issue of data transfers between the UK and EU, please contact [email protected].

Sign up for Digital Social Care’s e-newsletter to get regular updates on data and digital issues for the care sector. Sign up online.

Disclaimer

The CPA and Digital Social Care assume no responsibility or liability for any errors or omissions in the publication of this communication. The information contained in this update is provided on an “as is” basis with no guarantees of completeness, accuracy, usefulness or timeliness.

Last updated 29 June 2021. Originally published December 2020.