It is therefore necessary to find another mechanism (for example. (B) the consent of the person concerned) allowing UK processors to transmit personal data to a non-EEA data processor. For more information on the default position, see our data protection guidelines at the end of the transition period. We will maintain these instructions on our website during the transition and update them if necessary to reflect any developments. This means that UK organisations must comply with EU data protection legislation (as it stands on 31 December 2020) with regard to the processing of personal data collected before the end of the transition, which relates to people living outside the UK. The RGPD is an EU regulation that will no longer apply to the UK from the end of the transition period. However, if you operate within the UK, you must comply with UK data protection legislation. The Government has stated that it intends to incorporate the RGPD into UK data protection legislation from the end of the transition period – therefore, in practice, the fundamental principles, rights and obligations of data protection in the RGPD will not change much. In the meantime, as we wait for UK data protection legislation to remain aligned with the RGPD, our data protection guide remains a good source of advice and guidance on how to comply with UK and EU data protection rules, both now and after the transition period. During this transitional period, the UK government and the EU will ideally negotiate a data protection agreement that meets the needs of both parties, whether it is an adequacy decision, a data protection shield agreement or another agreement allowing the free flow of data between the UK and the EU.
The UK and EU said they are „committed to ensuring a high level of protection of personal data to facilitate such flows between them“ and hope to have agreements reached by the end of the transition period.