The Brexit Data Blockade? | DMA

Filter By

Show All

Connect to


The Brexit Data Blockade?


On 29th of March, as things stand at the time of writing, the UK will be leaving the EU (some of our intrepid Microsoft Dynamics 365 experts will hopefully have just returned home after making the most of our final day of EU membership attending CRMUG Summit EMEA in Amsterdam!). If that ends up being without a deal, that could end up having implications for UK companies transferring data across national boundaries. It might not be caught up in a lorry park in Kent, but without a bit of preparation, you could find your data transfers being impacted.

While GDPR and its implementation in the UK has been the focus for over a year – and whatever happens with Brexit it will remain in effect in the UK – we may now need to think of ourselves as outsiders with respect to the EU GDPR.

WE ARE NOT LAWYERS! None of this article is legal advice, contact your legal advisor if you need more details. Also see the ICO articles on Brexit. There’s also some more background and comment on the BBC site.

From the time of Brexit, any data flowing from the EU to the UK would need to be treated in the same way as any data currently flowing from the EU (including the UK) to other third countries such as the US. Broadly, this will mean that either:

  1. The EU makes an “adequacy decision”, essentially stating that the UK data protection regime is at least as strong as those in the EU. As GDPR is to be retained in the UK there should be no reason this won’t be forthcoming eventually, but may take some time.
  2. You should implement standard contractual clauses – text defined by the ICO to add into your contracts to ensure data protection safeguards. This will likely be the short-term solution for most SMEs, and can be obtained from the ICO
  3. Larger organisations that will still have a presence in the EU can use binding corporate rules to demonstrate their data protection compliance worldwide

Data transfers from the UK to the EU will not be impacted, as the government has already confirmed that they will not be introducing any additional regulations on this. However, you may need to update your documentation such as privacy notices to make it clear where personal data is being sent. You may also have contracts in place stating that data will not leave the EU, which may need to be updated to include the UK.

So far, so good – if you’re dealing with the UK and EU then there might be a bit more paperwork to do, but hopefully not too much of a problem if you’re prepared. But what about other countries? While our focus has been on the EU and GDPR, other countries have been busy implementing their own data protection legislation. In particular, Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay and USA currently have adequacy decisions from the EU to some extent, indicating they have similar data privacy protection as GDPR. As such, they will have similar restrictions on the transfer of personal data, and while part of the EU the adequacy decisions will have permitted the transfer of data from these countries to the UK. When we are outside the EU, the UK will need to renegotiate those arrangements as well as that with the EU itself, so you should take advice from the authorities in those countries.

Hear more from the DMA

Please login to comment.


Related Articles

A telemarketing programme involving hundreds of one-to-one conversations with customers and prospects is the perfect opportunity to perform a thorough proof of concept. It enables you to learn quickly and validate your approach in a systematic, transparent way, so you set off on a better track.

Depositphotos_667828676_S (1).jpg

Economic pressures have plagued households for several years, with brands facing the challenge of engaging consumers who are more budget-conscious than ever before. As a result, brand loyalty has sharply declined, with 61% of consumers being less likely to stick with brands in 2023 compared to 41% in 2022.

Cost of Living Exit Strategy Report 20244

Purple Square’s Tim Biddiscombe interviewed marketing data and tech industry veteran Andy Masters about the essential roles of listening, learning and trust in building holistic and effective customer journeys.

Thumbnail Reimagining CX _Andy Masters 600x400.jpg

When thinking about sustainable marketing, often we think about the channels we use, or materials we use in a physical sense. We overlook things like the audience targeting, data cleanse & optimisation, which have a big impact on minimising wastage.