The UK’s current alignment on GDPR meant this didn’t come as a surprise, but does mean the UK will have to stick to the same standards in the future
A necessary step to minimise red tape after Brexit: On 19 February 2021, the European Commission published the draft adequacy decisions to allow the transfer of personal data from the EU to the UK. If adopted, these decisions will ensure that the flow of data between the two areas continues in the same way as it did before Brexit, without the need for businesses to adopt additional safeguards. The European Data Protection Board will now provide a non-binding opinion on the adequacy decisions, before the European Council decides on the matter. The decision will be valid for four years, after which it can be extended subject to a review.
The UK will have to stick to current legal standards: The UK transposed the GDPR into its Data Protection Act in 2018, and no changes have occurred since the country left the bloc. However, the UK will have to maintain a similar level of alignment in the future if it aims to retain the status of an adequate destination. This goes beyond GDPR: it involves being part of the European Convention on Human Rights, and retaining the current safeguards on aspects such as the acquisition of communications data by public authorities, and the redress against surveillance measures in the Investigatory Powers Act. This could mean the UK Government may have to refrain from strengthening its surveillance regime – something it has repeatedly hinted at doing over the last few years.
Source: https://ec.europa.eu/commission/presscorner/detail/en/IP_21_661