“If your organisation shares personal data with organisations in the European Economic Area (EEA), you will need to take steps to ensure you continue to comply with data protection laws if the UK leaves the EU without a deal.” Department for Exiting the European Union.
Although the government is still hoping to deliver a ‘negotiated deal’ with the EU it is also “accelerating” no-deal preparations.
What are the implications on data protection in a no deal scenario?
If the UK exits the EU UK on 29 March 2019 without a deal the UK would still be subject to the GDPR but as of 30 March 2019, the UK would become a “third country”.
One of the ways in which personal data can be lawfully exported to a third country is by what is called an an ‘adequacy decision’ from the European Commission.
Argentina, Canada, Switzerland and many other countries already have been recognised as providing adequate protection but there is little chance that UK will have been deemed ‘adequate’ by the European Commission by 30 March 2019.
The Information Commissioners Office (ICO) has said; ‘an assessment of adequacy can only take place once the UK has left the EU. These assessments and negotiations have usually taken many months.’
Preparing for no-deal Brexit
Amid the chaos and confusion, organisations of all sizes are looking for; guidance, information and advice on specific data protection rules and regulations.
All businesses operating in the EEA should consider whether they need to take action now.
The Brexit Briefing by Data Protection World Forum will look at what the implications are for data protection if there is a no-deal Brexit. Speakers include:
- Ian West, Executive Vice President & COO GDPR Associates
- Iavana Bartoletti, Head of Privacy and Data Protection, Gemserv
- Abigail Dubiniecki, Data Privacy Specialist, My InHouse Lawyer
- Kwame Opoku-Addo, Business Change Analyst, Government Legal Department
- Anthony Lee, Partner, DMH Stallard LLP