Eu ico flag

UK/EU data transfer decision could hit Access solutions

On 08/03/2021

How will EU decision on frictionless data transfer to and from Europe effect Access Control and Time Attendance systems?

Software devAs part of the Brexit negotiations, the decision on the movement of personal data across the UK/EU border has once again raised the issue of where Time and Attendance or Access Control data is stored and processed. For UK businesses the GDPR rules have been a challenge and now with another potential barrier, could this cause even more grief!

The European Commission has recently published its draft UK adequacy decisions. If adopted these decisions will allow for continued free flow of personal data from the EU into the UK.

As well as its decision under the General Data Protection Regulation (GDPR), the EU also published another draft decision for personal data related to law enforcement.

The adequacy decisions are now with the European Data Protection Board (EDPB) who will deliver an opinion to the European Commission and representatives from the EU member states.

During this process, UK businesses and public authorities will continue to be able to receive data from the EU under the adequacy bridge agreed in the 2020 trade and cooperation agreement.*

Information Commissioner, Elizabeth Denham said:

“The draft adequacy decisions are an important milestone in securing the continued frictionless data transfers from the EU to the UK”.

“Today’s announcement gets us a step closer to having a clear picture for organizations processing personal data from the EU and I welcome the progress that has been made.”

Over the coming months these decisions will become clearer and the potential ramifications for UK businesses who store or process personal data in the EU should be clarified. Watch this space for News…

Paul Stanborough, MD at Aditech Ltd. commented: “From an Iris Recognition perspective, identification data is not directly subject to GDPR requirements as there is no correlation between either the scanned data or the enrolled data and any personal data for the individual. This is generally handled by the host system.”

Adding “It is clear that this decision may have serious implications for multi-national companies who insist on storing or processing data from UK systems at their EU headquarters, but let’s hope that common sense prevails and the free flow of data is assured.” *Source: ICO (Information Commissioners Office)

Feature aditech