Credit: Clker-Free-Vector-Images from Pixabay

With little more than a month remaining, government has admitted it faces an “increasingly challenging” task to achieve EU data adequacy status before the end of the Brexit transition period.

For some months, the government has been working with the European Commission to try and ensure data adequacy status – which would mean that data could continue to be legally transferred between UK businesses and public sector bodies and organisations in the remaining 27 member states.

Minister for data John Whittingdale said that the government is “working constructively with the commission to secure data adequacy by the end of the transition period [and] we see no reason why we should not be awarded adequacy”.

Related content

• EU data transfers: UK legislates ‘transitional’ measures for post-transition period
• Policy on public sector use of US cloud under review as uncertainty grows over post-Brexit data transfers
• Brexit will mean data is ‘not inappropriately constrained’, minister says

“However, the process is controlled by the commission,” he added. “And we are realistic about the increasingly challenging timelines for completion.”

Whittingdale advised UK firms that, even if adequacy cannot be achieved before the end of the year, they can look to “alternative legal mechanisms to continue receiving personal data from the EU”.

“Standard Contractual Clauses (SCCs) are the most common legal safeguard and will be the relevant mitigation for most organisations,” he said. “The ICO has created an interactive SCCs tool for businesses to use and further guidance can be found on GOV.UK and the ICO’s website regarding steps organisations may be required to take relating to data protection and data flows by the end of the transition period.”

Whittingdale’s comments were made in answer to a written parliamentary question from Scottish National Party MP Brendan MacNeil.