At the 11th hour, the EU and the UK managed to reach a trade deal prior to the end of the Brexit transition period.

The first thing I rushed to look at on Christmas Eve (how thrilling!) when the full document was published, was the position (if any) on data transfers.  Thankfully, the trade deal allows for the continued free flow of personal data from the EEA to the UK, without the need for additional compliance measures, for up to six months following the end of the transition period.  The ICO has welcomed this approach.

It's then hoped that during this six month grace period, the UK will receive an adequacy decision from the European Commission, and then from the summer we can rely on that for any future transfers from the EEA to the UK.  Fingers and toes crossed.  It's of course worth mentioning that the UK has already declared the EU and EEA's member states as adequate, so there are no issues about data transfers in the UK-EEA direction.

This doesn't mean we can take our eyes off the ball though.  The ICO have recommended that alternative transfer mechanisms are put in place (e.g. standard contractual clauses) to safeguard against any interruption to the free flow of EU to UK personal data (just in case we don't receive that adequacy ruling).  It's unlikely businesses will want to do that however, given that the new SCCs haven't yet been finalised.