Data protection and Brexit – how business may be affected

17,480

The basis on which the UK will leave the EU has still to be decided but the Government has made clear that the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow.

But organisations that rely on the transfers of personal data between the UK and the European Economic Area (EEA) may be affected.

Personal information has been able to flow freely between organisations in the UK and European Union without any specific measures. That’s because we have had a common set of rules – the GDPR.

But this two-way free flow of personal information will no longer be the case if the UK leaves the EU without a withdrawal agreement that specifically provides for the continued flow of personal data.

In this event, the Government has already made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected.

ICO guidance

The ICO have published guidance and practical tools to help organisations understand the implications and to help you plan ahead. These comprise:

Many organisations have already been making preparations in case the UK leaves the EU without a withdrawal agreement in place. This includes those that are involved in transfers of personal data to and from the EEA.

Standard Contractual Clauses

Many may decide that one potential solution is to put in place what are known as Standard Contractual Clauses between themselves and organisations outside the UK. The ICO’s straightforward, interactive guide can help you with that process. Particularly aimed at small and medium sized organisations, it will help you decide if Standard Contractual Clauses are relevant and will minimise the expense of putting them in place.

Transfers on the basis of a European Commission adequacy decision

The Government has also made clear its intention to seek adequacy decisions for the UK. An adequacy agreement would recognise the UK’s data protection regime as essentially equivalent to those in the EU. It would allow data flows from the EEA and avoid the need for organisations to adopt any specific measures. But any such adequacy decisions will not be in place before the UK leaves the EU (and will take time to conclude). However, organisations need to consider their circumstances and what transfer mechanisms are appropriate.

 

Via ICO

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking Agree, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies are necessary for the website to function and enable essential services and functonality, including identify verification, service continuity and site security. Opt out is not availabe.

Essential Session management cookies for logged in users
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

For perfomance reasons we use Cloudflare as a CDN network. This saves a cookie "__cfduid" to apply security settings on a per-client basis. This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
  • __cfduid

Used by Spamshield to stop spam signups
  • _wpss_h_
  • _wpss_p_

NewsWire Service
  • BIGipServerwidget2_www_http

Decline all Services
Accept all Services