The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

EEA The European Economic Area. It is made up of the EU member states plus Iceland, Norway and Liechtenstein.
GDPR General Data Protection Regulation. This sets out the data protection rules which apply across the EEA.
SCCs Standard contractual clauses. These are standard clauses you can use when transferring personal data to other countries to make sure you comply with the rules on international transfers and keep that data protected.
DPO Data protection officer. If you are a public authority or if your core activities involve certain types of large-scale processing, you must have a DPO.
Lead authority A European data protection regulator who takes action on behalf of regulators across the EEA. Having a lead authority avoids your having to deal with different regulators and enforcement action in every EEA country where individuals are affected. You will only have a lead authority if you have an office, branch or other establishment inside the EEA.
Adequacy The European Commission has the power to determine whether a third country (the UK becomes a third country to the EU GDPR once the transition period ends) has an adequate level of data protection. The effect of an adequacy decision is that personal data can be sent from an EEA state to a third country without any further safeguard being necessary. The UK Government are currently seeking adequacy decisions from the European Commission to ensure the free flow of data once the transition period ends. We will update our guidance to reflect the outcome of this.