With the uncertainty surrounding Brexit, many are worried about what will happen to data transfers and data protection if the UK leaves the European Union. For businesses that transfer data across EU nations, there is particular concern.
Will the UK have to comply with GDPR after Brexit? If so, will certain rules change?
What we know so far
In the event of a ‘deal’ or ‘no deal’ Brexit, the UK government has said there would be no immediate changes to our data protection standards. No matter what happens, GDPR will be transferred into UK law, and the Information Commissioner will remain the UK’s independent authority on data protection. It is also important to note that this new adapted law would sit next to the already-existing Data Protection Act 2018, so there wouldn’t be any changes for the foreseeable future.
What to do if your business receives personal data from the EU
If Brexit does occur, you should review all of your contracts and make sure to include Standard Contractual Clauses (SCC) and other legal safeguards. This should allow you to legally receive personal data from EEA countries post-Brexit. If your organisation is part of a multinational group, you might be able to rely on Binding Corporate Rules (BCRs) which would allow personal data to be transferred within the group. Make sure to put everything in place before exit day.
ICT Solutions can help
We hope that this gives you an idea of the current situation regarding GDPR and Brexit. We can confirm that data protection will not be compromised by the UK’s departure from the EU, even though the legislation will change slightly. Businesses need to ensure that legal safeguards are put into contracts to ensure that any data sharing is lawful. Ultimately, GDPR will still play a big part in data protection, just as it does now.
At ICT Solutions, we offer a GDPR Compliance Service that is designed to help your business remain completely compliant and ethical. No matter what happens with Brexit, we are here to assist in any scenario.