Personal data can still be transferred in United Kingdom without a legal basis for the transference because the European Commission has established that it is a safe country.
The European Commission has approved the United Kingdom as a safe third country under both the General Data Protection Regulation and the Legislation on the implementation of the Law of the 28th of June 2021. This is done by issuing two so-called adequacy decision, which mean that at the end of the transitional period after Brexit, personal data can still be transferred in the United Kingdom without a transference basis. Anyway, it remains a condition that also other disposals of the Regulation are respected.
The transitional period post Brexit
The United Kingdom has left the European Union on the 1st of January 2021. This means that the United Kingdom has became the so-called third country and so the transference of personal data towards the United Kingdom asks for a legal base of transference at the end of the transitional period on the 1st of July 2021. Anyway, this will be unnecessary after the adequacy decision.
What is an adequacy decision?
The European Commission can decide, based on the General Data Protection Regulation, that a third country has granted an adequate level of personal data protection. This means that data controllers and processors can shared personal data in the United Kingdom at the same time before Brexit.
Data_protection__Commission_adopts_adequacy_decisions_for_the_UKSOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA DANIMARCA