The Brexit Data Blockade? | DMA


The Brexit Data Blockade?


On the 29th of March, as things stand at the time of writing, the UK will be leaving the EU (some of our intrepid Microsoft Dynamics 365 experts will hopefully have just returned home after making the most of our final day of EU membership attending CRMUG Summit EMEA in Amsterdam!). If that happens without a deal, it could have implications for UK companies transferring data across national boundaries. Your data might not be caught up in a lorry park in Kent, but without a bit of preparation, you could find your data transfers being impacted.

While GDPR and its implementation in the UK have been the focus for over a year – and whatever happens with Brexit it will remain in effect in the UK – we may now need to think of ourselves as outsiders with respect to the EU GDPR.

WE ARE NOT LAWYERS! None of this article is legal advice; contact your legal advisor if you need more details. Also see the ICO articles on Brexit. There’s also some more background and comment on the BBC site.

From the time of Brexit, any data flowing from the EU to the UK would need to be treated in the same way as any data currently flowing from the EU (including the UK) to other third countries such as the US. Broadly, this will mean that either:

  1. The EU makes an “adequacy decision”, essentially stating that the UK data protection regime is at least as strong as those in the EU. As GDPR is to be retained in the UK there should be no reason this won’t be forthcoming eventually, but it may take some time.
  2. You should implement standard contractual clauses – text defined by the ICO to add into your contracts to ensure data protection safeguards. This will likely be the short-term solution for most SMEs, and the clauses can be obtained from the ICO.
  3. Larger organisations that will still have a presence in the EU can use binding corporate rules to demonstrate their data protection compliance worldwide.

Data transfers from the UK to the EU will not be impacted, as the government has already confirmed that they will not be introducing any additional regulations on this. However, you may need to update your documentation such as privacy notices to make it clear where personal data is being sent. You may also have contracts in place stating that data will not leave the EU, which may need to be updated to include the UK.

So far, so good – if you’re dealing with the UK and EU then there might be a bit more paperwork to do, but hopefully not too much of a problem if you’re prepared. But what about other countries? While our focus has been on the EU and GDPR, other countries have been busy implementing their own data protection legislation. In particular, Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay and USA currently have adequacy decisions from the EU to some extent, indicating they have data privacy protection similar to GDPR. As such, they will have similar restrictions on the transfer of personal data, and while the UK has been part of the EU, the adequacy decisions will have permitted the transfer of data from these countries to the UK. When we are outside the EU, the UK will need to renegotiate those arrangements as well as that with the EU itself, so you should take advice from the authorities in those countries.
