Data adequacy refers to the high standard of protection of personal data that the European Union demands of third countries – those outside of the Union – with which it shares data. It will only allow an adequacy decision to pass if it deems the country’s data standards to be comparable to the Union’s own. (For more, read: What does ‘Leave’ mean for advertising?.)
“Adequacy findings take a lot of work even if [the UK] is fully compliant with the GDPR,” Giovanni Buttarelli, Europe’s data protection supervisor, told the Financial Times. “Adequacy could take years.”
His concerns referred particularly to how the government and its agencies handle personal data and whether they will continue to meet standards around surveillance. “We will have to assess law enforcement bodies,” said Buttarelli.
But companies will need an adequacy deal in place if they are to continue transferring consumers’ personal data across borders. Not being able to do so would have an impact on several sectors, including health, insurance and tech.
Not everyone agrees with Buttarelli’s assessment, however, and he has no role in granting the sort of deals that are currently in place with the US, Japan, Switzerland, Israel and Argentina.
It is the European Commission that decides on these and one senior official said it would “take a matter of months” rather than years.
That optimistic timetable may not take into account the UK’s ongoing inability to decide what it wants from Brexit, despite being just a few weeks from the trigger date of March 29 and woefully unprepared.
A government report published yesterday said that just 16% of the 240,000 companies that need to register for new customs documentation have done so. The same day, the prime minister indicated that the exit process could be delayed to the end of June
Sourced from Financial Times; additional content by WARC staff