UK finalizes first independent post-Brexit data transfer deal with South Korea

The UK has finalized its first independent data adequacy decision since leaving the European Union (EU) which will allow UK organisations to securely transfer personal data to the Republic of Korea without restrictions by the end of the year. The UK government stated that the new legislation, first agreed upon in principle in July, will allow businesses in both countries to share data more easily, enhancing opportunities for cooperation and growth. The decision comes following a full assessment of the Republic of Korea’s personal data legislation, with the UK government concluding that the nation has strong privacy laws in place that will protect data transfers while upholding the rights and protections of UK citizens.

Removing data transfer barriers will boost research and innovation

Once in force, the new data transfer agreement will remove barriers to data transfers that will boost research and innovation by making it easier to collaborate, the UK government stated in a Department for Digital, Culture, Media, and Sport press release. “Before now, organizations needed to have costly and time-consuming contractual safeguards in place, such as standard data protection clauses and binding corporate rules. The new freedoms will open up opportunities for many small- and medium-sized businesses who may have avoided international data transfers to Korea due to these burdens,” it added. The Republic of Korea is one of the fastest growing markets for the UK, with more than two-thirds of British services exports to the country data-enabled.

Commenting on the legislation, Data Minister Julia Lopez said: “Before the end of the year, businesses will be able to share data freely with the Republic of Korea – safe in the knowledge it will be protected to the high privacy standards we expect in the UK.”

Data adequacy agreement “broader than EU’s deal with South Korea”

Not only is this new deal the UK’s first that independently recognises a priority country as adequate since leaving the EU, it is also broader than the EU’s data transfer agreement with South Korea, the UK government stated. The most significant difference between the two deals is that UK organisations will be able to share personal data related to credit information with Korea to help identify customers and verify payments, which will help UK businesses with a presence in Korea to boost credit, lending, investment and insurance operations.

John Edwards, UK Information Commissioner, said: “We support the government in undertaking adequacy assessments to enable personal data to flow freely to trusted partners around the world.” The UK’s Information Commissioner’s Office (ICO) provided advice to the government during this assessment of Korea and it is satisfied with the government’s recognition of similar data protection rights and protection in Korean law, he added. “This will bring certainty to UK businesses and reduce the burden of compliance, while ensuring people’s data is handled responsibly.”

Tash Whitaker, global data compliance director at Whitaker Solutions Ltd, tells CSO: “This decision comes almost a year after the EU granted adequacy to the Republic of Korea, so it’s good to see the UK catching up with the EU, in allowing the free flow of personal data cross-border to a country that has a level of protection that does not undermine the UK or EU GDPR.”