What are the data protection implications for your organisation post-Brexit?

How does Brexit impact data protection in the UK?

The UK General Data Protection Regulation (GDPR) is the retained EU law version of the GDPR and was brought about following the UK’s decision to leave the European Union. with the Data Protection Act 2018, they set the legal framework for handling and processing data in the UK.

Despite the UK having officially been out of the EU for over a year, there are still concerns and questions regarding how data should be processed in accordance with data protection laws.

Concerns about receiving data

Transferring data through the UK and to the remaining EU countries is still permitted under the UK GDPR. However, countries that are not deemed to provide adequate protection in relation to data processing are prevented from receiving data from the UK without special terms and measures in place.

As of 21 March 2022, a new International Data Transfer Agreement was brought into force which facilitates data transfers to countries not approved to receive data under EU and UK law. Please see our article here for more information regarding the IDTA and related issues.

Ensuring long-term compliance

If you are reliant on receiving data from the EU or otherwise, you should seek legal advice on the terms of your contractual arrangements and on the measures that you could implement to ensure a free flow of data to your organisation.

With significant experience in helping clients with data protection issues, our Commercial team can advise you on the extent of your obligations in plain and simple terms and support you in ensuring that you are data protection compliant.