International data transfers after Brexit

In June 2021, the European Commission adopted two adequacy decisions for the UK – one under the EU GDPR (General Data Protection Regulation) and the other under the Law Enforcement Directive.

This means that personal data can continue to be transferred from the EEA to the UK without the need for organisations to use SCCs (standard contractual clauses) or another means of ensuring that appropriate safeguards apply, as required by Article 45 of the GDPR.

Under the Commission’s decision, the EU will deem the UK DPA (Data Protection Act) 2018 and UK GDPR adequate for four years, after which the adequacy findings will be renewed only if the UK continues to afford EU residents’ personal data an adequate level of protection in line with the EU GDPR.

If UK data protection law deviates from the EU GDPR to a significant extent during those four years, the Commission has the option to withdraw the decision.

In practical terms, this means you shouldn’t need to worry about processing EU residents’ personal data in the UK if you are compliant with the UK GDPR.

However, the GDPR still requires organisations to implement processes that ensure that third-party data processors can demonstrate compliance with their legal and contractual obligations – wherever they are located.

If you need help with third-party supplier assurance, DQM can run your assurance programme for you.

Learn more about our third-party assurance services
Data transfers after Brexit
Reporting Data Broking to the ICO

ICO report into data broking

Does the way you buy or sell data need to be updated?

The ICO’s long-awaited report into the data broking industry found issues with transparency and process limitation, and has prompted data buyers to strengthen their due diligence requirements.

Data brokers perform a vital service in matching businesses with prospective purchasers, but individuals who are uncomfortable with how their data is used make complaints, not purchases. Data protection regulations challenge data brokers and marketers to work together in a much more strategic way. The goal is, very clearly, to reduce the complaints and increase the purchases.

DQM GRC was originally founded to support data brokers and data owners. We audit around 80% of the UK market and many of our consultants are specialists in both privacy and marketing.

Download our free guide that helps data brokers understand how the ICO’s ruling affects them.

Our support for data brokers and buyers

Expand each section to learn more.

Privacy essentials for marketers

Privacy Essentials for Marketers

This one day course, offered through our sister company IT Governance, is designed to give marketers and privacy professionals an understanding of how to incorporate privacy requirements into specific types of marketing activities.

Participants will learn how to create and execute compliant and effective digital marketing campaigns and will receive an IBITGQ-accredited certificate on successfully passing the exam.

Visit IT Governance

Data licence audit

Data Licence Audit

DQM GRC is long established as the leading provider of data licence assurance services to the UK’s commercial data owners.

Our specialist second party auditors will work with you to create a bespoke audit plan to meet your needs and requirements.

Learn more

Compliance tracking services

Data Licence Audit

Our Compliance Tracking Service can offer reassurance for data owners by ensuring that third party data processors, such as data broker customers, are using your organisation's data appropriately.

Learn more

Privacy Shield invalidated

Do you need to review the way you transfer data to the US?

The European Court of Justice recently invalidated the Privacy Shield framework as a mechanism for transferring data between the EU and the US, in the ‘Schrems II’ decision.

The Swiss-US Privacy Shield was invalidated shortly afterwards.

While the Privacy Shield remains a useful way of demonstrating that many data protection requirements will be met by the US data recipient, organisations that previously relied on it will now need to find a new basis for transferring data and implement the requirements associated with it.

Data Transfers to the US

Our support for EU-US data transfers

Expand each section to learn more.

EU-US data transfers assessment and action plan

EU-US Data Transfers

Do you have everything in place to keep data flowing after the fall of Privacy Shield?

Our consultants will assess your progress against the six steps set out by the European Data Protection Board, plus an assessment of your readiness to cope if your controls fail, and provide you with an action plan to help you comply.

Learn more

EU-US data transfers webinar

Free EU-US Transfers Webinar

The Schrems II ruling and Brexit mean that UK organisations are required to reconsider the legal basis for the transfer of personal data to and from Europe.

Join our experts on this webinar to learn about the practical implications for UK–EU data transfers in the light of Schrems II and Brexit that your organisation must consider.

Watch now