A short memo of the regime post-Brexit
One question is being really up-to-date for the last 2 years: Will the firms still have to comply with the EU GDPR after Brexit?
Just after the appointing of the new UK Premier Boris Johnson, who promises to deliver Brexit for good, the question become more topical than ever.
Currently the rules around how businesses and organisations are using, collecting and storing the personal data are regulated by the UK version of the GDPR – the Data Protection Act 2018. Without a doubt, the Data Protection Act 2018 provides a comprehensive data protection framework.
How things will change?
- Regardless of whether the UK leave the European Union with or without a deal, there would be no immediate change in the UK’s own data protection standards. This is because the Data Protection Act 2018 would remain in place and the EU Withdrawal Act would incorporate the GDPR into UK law to sit alongside it.
- At the same time under the GDPR the organisations are only allowed to transfer personal data outside the EU if there is a legal basis for doing so, meaning that once the UK is out of the union this will become trickier.
- Realising the importance of the transferring of personal data even after Brexit, the UK government has announced that after Brexit the organisations will be allowed to send personal information from the UK to the EU. However, the receiving of personal data from EU to UK will not be that easy, as UK will no longer be part of the EU meaning that this will be consider trans-border transfer. The obvious solution is that UK will be assessed in order to receive an “adequacy decision” in order the transfer of personal data between UK and EU to be facilitated.
Disclaimer: The content of this article is intended to provide a general guide to the subject matter, it is not a legal advice and should not be treated as one. Specialist advice should be sought about your specific circumstances.