NEWS “without comment”
UK’s new Information Commissioner formally appointed
25 January 2021:
Following a request from the Secretary of State for the Department of Digital, Culture, Media and Sport, the Information Commissioner Elizabeth Denham has agreed to extend her term of office by just over three months ending on 31 October 2021 while the recruitment process for her successor is completed.
Ms Denham took-up the role from 18 July 2016 for a period of five years, replacing Christopher Graham whose term of office ended on 28 June 2016.
Further ICO News for UK Business:
Businesses in the UK should be preparing now for the looming prospect of personal data transfers from the EU becoming unlawful in a matter of months, which could cause major headaches for any company importing information from the continent, whether that’s HR files, customer details or advertising data.
In a new blog post, the Information Commissioner Elizabeth Denham warned UK businesses to “take sensible precautions for any eventuality”, despite the seemingly encouraging terms of the trade deal that was agreed between the UK and the EU following the country’s departure from the bloc.
The eleventh-hour Trade and Cooperation Agreement (TCA) that was reached last month contains a provision that allows personal data to continue to flow unimpeded from the EU to the UK until a longer-term deal is achieved on the issue. If no agreement has been found by the end of June, however, UK businesses will have to resort to new mechanisms, often in the form of complex data protection contracts, to be able to legally import and process the personal information of EU citizens.
SEE: Guide to Becoming a Digital Transformation Champion (TechRepublic Premium)
With practically all industries currently exchanging data with the European bloc, all eyes will be on the outcome of the negotiations. Three quarters of the UK’s international data flows are with the EU, affecting fields such as tourism or financial services, but also healthcare or banking.
Until Brexit happened, the UK formed part of the EU’s General Data Protection Regulation (GDPR), meaning that the country’s data privacy laws were aligned with the bloc’s standards. Now that the UK has left the EU, however, it is up to European regulators to decide whether the country’s data privacy laws are stringent enough to protect the personal information of EU citizens.
This is called an adequacy decision, and despite many years of negotiations, it was not achieved before the UK left the bloc. Instead, a six-month transition period was granted, which allows transfers of personal data to keep flowing to the UK without restrictions, while the EU continues to weigh whether or not to concede adequacy.
“This is very welcome news and was the best possible outcome for UK organisations given the risks and impacts of no adequacy,” wrote Denham. But although the EU has committed to consider “promptly” the UK’s adequacy decision, the information commissioner warned against complacency. “Of course, there is no guarantee that the EU will grant the UK an adequacy decision,” she said.