UK businesses can breathe a sigh of relief that the EU recently confirmed that the UK offers an equivalent level of protection to personal data as under EU law, meaning the UK joins the very small group of other “whitelisted” countries (around a dozen) to which personal data can flow from the EU without extra measures being put in place. The decision lasts for four years, at which time it will be reviewed.

One of the measures that can be used to send personal data lawfully from the EU to non-whitelisted countries is the inclusion in the relevant contract of standard contractual clauses specified by the EU. The same applies to UK businesses wanting to send personal data to non-EEA countries.

The EU has recently updated these standard contractual clauses but UK businesses should note that this update applies only to countries in the EU. We now have the slightly confusing situation of the UK continuing with the old standard contractual clauses (because that’s what was in force when the UK left the EU) and the EU using a new set. In time, it’s expected that the UK will adopt a new set, which may or may not follow the EU’s lead. Watch this space…

If you want to discuss any aspects of data protection, please do not hesitate to contact Matt Worsnop on 0116 281 6235 or by email on

Published by

Categorised in: , , ,

Tags: , , , ,