The GDPR presented a quandary, perpetuated by the U.K.’s post-Brexit GDPR, for European firms subject to SEC examination and recordkeeping requirements. If they responded to SEC requests for information during examinations, they ran the risk of violating the GDPR’s strict controls on data transfers to non‑E.U. countries. Yet, if they failed to respond to the SEC, they faced potential enforcement actions. The U.K. Information Commissioner’s Office recently resolved this issue, confirming that firms may rely on the “public necessity” exception to the GDPR’s data transfer prohibitions when complying with SEC information requests. This article analyzes the terms of – and rationale for – the relief, with commentary from Morrison & Foerster partner Annabel Gillham and counsel Robert S. Litt. See “GDPR Lives On in the U.K. Post-Brexit” (Feb. 5, 2021).