The UK has historically been a key player in digital markets due to its geographical location and position in global business. In fact, until recent years when Brexit was still in progress, over 40% of all large EU digital companies originated in the UK and 75% of UK’s crossborder data flows were with EU countries. The fact that the UK has been an epicenter for so many European deals made it critical for the country to maintain its adequacy status.

‘Adequacy’ is a term the EU uses to describe countries, territories, sectors or organisations it deems to have an “essentially equivalent” level of data protection to the EU” after Brexit. In June 2021, UK businesses were given a reprieve as the UK is now deemed an ‘adequate’ jurisdiction for receipt of personal data from the EU/ EEA (European Economic Area) by the European Commission, with a ‘sunset clause’ that limits this to four years. However, despite this stay of execution, several regulatory requirements are still currently bearing down on UK corporates.

Animesh Kumar