EU and UK GDPR – Complete Harmony?

In an announcement on 28th June 2021 the EU made two decisions that profoundly affect the transfer of data between the EU and the UK. The EU decided that the UK GDPR and associated legislation are directly compatible with the EU GDPR, and therefore the two systems remain aligned and will do so until 27th June 2025, when a review will take place. A copy of the European Commission’s decision is available here for download. This means that, in the majority of circumstances, data can continue to flow between the EU and the UK as it did before.

What Does the Alignment Mean?

This means that any of our EU customers looking to upload data to our systems can rest assured that although the UK is now outside the EU, the same GDPR applies in the UK as it does in the EU, and that the EU have sanctioned the transfer of data between the two jurisdictions.

This was a major concern when Brexit took place, and companies were very worried that when the UK left the EU there would be huge issues with the transfer of data between any EU state and the UK.

The decision in June 2021 means that there are now four years where data can be transferred between customers and businesses, or between institutions without any issues arising in relation to GDPR. The major concern on this has been that the UK would immediately move away from the EU in relation to its own GDPR, and that data transfer within the UK would become very different to data transfer in the EU.

GDPR = Gold Standard

The GDPR is of course a gold standard in the transfer of data, and there are a whole host of institutions, including business, academic and government, who have specific and strict requirements as to what data can be transferred and to whom and where. Our company is IASME accredited for our adherence to GDPR and we are assessed annually to ensure we are still complying.

EU Data and UK Data – EU Offices

Quite a few companies have established EU subsidiaries specifically because of the dangers of the EU or the UK diverging away from the other, and the GDPR suddenly becoming very different between the two, causing issues with the permissibility of transfer between the two jurisdictions.

TP Transcription Limited has opened an office in Dublin and also maintains TPTranscription.ie in order to be able to give quotes and provide transcription services to our EU customers on an entirely separate basis to our UK offices.

Regardless of future decisions by the UK or the EU in relation to GDPR, companies like ours are now in a secure position because should the UK diverge away from EU regulations, which would potentially require clients in EU member states such as Ireland, France or Spain to restrict their data to being solely within the EU, our company will still be able to provide our services.

GDPR and UK Based Servers

However, as it currently stands there is no issue at all with the transfer of data from an EU member state into the UK, because the EU and the UK have recognised each other’s standards of GDPR as being completely compatible. Unless an institution has its own restriction on transferring data outside the EU, even to other countries with compatible GDPR, there is no reason at all why clients cannot use UK-based GDPR-secure servers to get their recordings transcribed.

Any Questions?

If you have any questions about the EU and UK GDPR, and the decisions by the EU and the UK to maintain aligned systems until 2025, please contact Jonathan Fagan, one of our directors, at jonathan@tptranscription.co.uk.

What is GDPR?

As a quick reminder, the General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU) and the UK.

UK GDPR Guidance

The ICO (Information Commissioner’s Office in the UK) have produced a guidance page on the decision which is available here – https://ico.org.uk/for-organisations/dp-at-the-end-of-the-transition-period/overview-data-protection-and-the-eu/. The General Data Protection Regulation, first developed when the UK was still part of the EU, has been kept in UK law as the UK GDPR.

What is the UK GDPR?

The UK GDPR is essentially the same as the EU GDPR. It has seven principles:

  • Lawfulness, fairness and transparency.
  • Purpose limitation.
  • Data minimisation.
  • Accuracy.
  • Storage limitation.
  • Integrity and confidentiality (security).
  • Accountability.

(full information can be found here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/)

What is the EU GDPR?

It is pretty much the same thing – a full breakdown of the EU regulation can be found here – https://gdpr-info.eu/ and the basic principles are available here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr_en

Our Accreditations

We are Cyber Essentials Plus audited annually and we hold the Cyber Essentials and Cyber Essentials Plus certificates. We are UKAS ISO 27001:2022 audited and accredited, and an ISO 9001 & ISO 14001 systems accredited company. We are members of the American Translators Association and we are assessed for GDPR compliance annually by IASME (Cyber Assurance Level 1).

10% Profits to Charity

10% of our profits are donated to the Ten Percent Foundation, a charitable trust registered in the UK. Since 2000 over £150,000 has been donated to projects in Africa and the UK.