The final hurdle for the UK adequacy decision was to receive approval from representatives on behalf of each EU Member State. On 16 June this hurdle was passed when representatives from all 27 Member States voted unanimously in favour of the UK adequacy decision.
It is now just a case of waiting for the European Commission to adopt the final decision to complete the process - hopefully before the expiry of the EU-to-UK data transfer bridging period on 30 June.
This is a really positive development for both UK and European businesses and will allow for the continued free flow of personal data from the EU to the UK, without implementing additional safeguards.
It will be interesting to see what direction the UK data protection framework takes in the coming years.
The recent report published by the Taskforce on Innovation, Growth and Regulatory Reform (TIGRR) raises some important questions about the future of data protection law in the UK. The report proposes "a new, more proportionate, UK framework of citizen data rights" in place of the UK GDPR, to stimulate growth in the digital economy and better adapt to new technologies such as artificial intelligence and blockchain.
If an overhaul of the UK data protection framework is on the cards then an immediate concern is the withdrawal of any adequacy decision we receive, as well as failure for it to be renewed after the initial 4 year adequacy period. I expect, for this reason, any proposals to depart from the current framework will face significant challenge and therefore take time to come to fruition.