Well a happy GDPR New Year!
The EU and UK have agreed that its ok to keep sending personal data from the EU to the UK and vice versa – for now. This gives the EU 6 months to ratify the UK as an ‘adequate’ place for data, which I’m pretty sure will happen.
This agreement is also reliant on the UK not changing its GDPR legislation, which again, I think is safe.
So you are basically ok to use UK hosted services for your European citizens personal data.
We’ve taken a cautious approach, so EU customers can request EU hosting in our French data center. We’ve also got some SMC clauses prepared, but it looks like these are unnecessary at the moment.
The UK summary of the deal is here, and its actually a quite readable 34 pages ?
Some highlights from the UK summary:
Title 3 – 62 This is the first time the EU has agreed provisions on data in a free trade agreement. The provision helps to facilitate the cross-border flow of data by prohibiting requirements to store or process data in a certain location.
18.2 – This Part also includes a provision to provide for the continued free flow of personal data from the EU and EEA EFTA States to the UK until adequacy decisions are adopted, and for no longer than 6 months. The UK has, on a transitional basis, deemed the EU and EEA EFTA States to be adequate to allow for data flows from the UK.
54.The Agreement contains measures to encourage cooperation on the promotion of fair and transparent rates for international mobile roaming.
60.The Agreement includes ground-breaking provisions on legal services that go beyond what the EU has included in any other FTA to date. These measures will improve the clarity and certainty of market access for UK lawyers. The Agreement will give UK solicitors, barristers and advocates the right to advise their clients across the EU on UK and public international law using their home professional titles, except where EU Member States have placed specific limits on this activity.
Updated Jan 4th 2020 to reflect the Brexit deal.