grandfathered

No change to position in the UK, and transfers out to the EU/EU approved countries remain as is (for now). some business may need an EU rep and for the time being there's a risk of dual punishment by ICO and EU regulators.

But as we're a 3rd country, getting data into the UK will need Model Clauses etc until an adequacy decision comes through.

(and when it does come through, expect Schrems to launch litigation to say we are not compliant, as GCHQ do the same stuff that NSA does which is what killed safe Harbor and led to Privacy Shield)

As with so much on the regulatory side of things, we are just going to peg ourselves to the EU for the foreseeable future.

Posted By: CWC, Oct 9, 12:55:51