NEWS

Data protection if there is no EU Exit deal

The following information originally appeared on the Care England website.

Overview

  • Leaving the EU with a deal remains the Government’s top priority; this has not changed.
  • The Government has accelerated ‘no deal’ preparations to ensure the country is prepared for every eventuality – it is the responsible thing to.
  • In the event that the UK leaves the EU on 29 March 2019 without a deal, UK businesses will need to ensure they continue to be compliant with data protection law.
  • The General Data Protection Regulation (GDPR) will be brought into UK law, meaning that current GDPR standards and existing guidance will continue to apply to businesses operating within the UK.
  • The GDPR contains additional rules to protect data that is transferred outside the EEA (known as restricted transfers). From 29 March 2019, if there is ‘no deal’, these rules will apply to data transferred from the EEA to the UK.
  • The rules on transferring data to a non-EEA state are simpler if the European Commission has decided that data is adequately protected in that state. If the UK exits without a deal on 29 March 2019, we do not expect the European Commission to issue an adequacy decision in time. This means that UK businesses must act now to comply with the GDPR rules on international transfers if they are transferring personal data across borders.
  • The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore, businesses will be able to send data to the EEA as they do currently. However, businesses will need to update their documentation and privacy notices as appropriate

To download the full briefing note, click here.

About the author

Tamara Birch