What are the data protection implications for your organisation post-Brexit?

How does Brexit impact data protection in the UK?

The General Data Protection Regulation (GDPR) is the product of Britain’s membership of the EU. Together with the Data Protection Act 2018, they set the legal framework for handling and processing data in the UK.

Following the outcome of December’s general election and last week’s parliamentary approval of the withdrawal agreement, there will be a Brexit transition period that will run until 31 December this year, just before Big Ben reliably ushers in 2021.

Concerns about receiving data

Following Brexit, we do not expect you to have any difficulties transferring data to EU member states.

However, issues could arise if you are expecting, or reliant on, receiving data from the EU as the GDPR restricts the transfer of data outside of the EU.

The UK will be considered a ‘third country’ by the EU for the purposes of data transfer after Brexit.

While it is hoped that, by the end of the transition period, the UK will be assessed by the EU as adequate for the purposes of receiving data being sent from an EU member state, you should not automatically assume that this will happen. To some extent, this will be dependent on the terms of longer-term trade arrangements, if any are agreed, between the UK and EU.

Ensuring long-term compliance

If you are reliant on receiving data from the EU, you should seek legal advice on the terms of your contractual arrangements and on the measures that you could implement to ensure a free flow of data to your organisation from the EU.

We will keep you up to date as we learn more about how discussions during the Brexit transition period take shape.

With significant experience in helping clients with data protection issues, our Commercial team can advise you on the extent of your obligations in plain and simple terms and support you in ensuring that you are data protection compliant.