“No Deal Brexit”: ICO and UK Government Issue Data Protection Guidance

The UK Parliament’s rejection of the Government’s Brexit withdrawal agreement might be an anticipated turn of events, but it also means that the possibility of the UK leaving the EU with a No Deal Brexit is becoming more and more likely. Time is running out and uncertainty is building up, so in preparation UK government recently released additional guidance to supplement the ICO’s description of the future data protection regime.

The pre-effective days of the GDPR (25th of May 2018) were a time of many speculations whether UK businesses need to get compliant with the Regulation given the ongoing negotiations on Brexit. The timeframe was confusing – the effective date of the GDPR was just 6-7 months prior the final resolutions on the UK-EU Brexit negotiations, which are expected to finish on 29th of March 2019. Most business experts were hoping that, since the UK was initiating Brexit, GDPR compliance would be unnecessary.

The benefits of the GDPR are numerous, among which are the better-defined data subject’s rights, the ability to exercise more control over how, when and why their personal data is being used, the opportunities to easily file complaints when necessary with pre-defined authorities or employees of the companies. However, businesses are still concerned mostly with the extra administrative burden and the cost associated with GDPR implementation.

The UK Government’s solution was the adoption of the UK’s Data Protection Act, which not only covers all of GDPR’s requirements but in some ways is stricter and builds upon them. The Data Protection Act was first only a Data protection Bill, announced in the annual Queen’s speech on June 21st 2017 further highlighting that the UK will remain a “world-class” data protection regime.

The Data Protection Act had a twofold meaning – on one hand, to implement the GDPR measures and requirements by making them even stricter and stronger, and on anther– to reassure that the provisions of the GDPR are reaffirmed even after Brexit.

The Information Commissioner Elizabeth Denham of the UK’s ICO has published a blog, explaining the possible outcomes for data transfers after Brexit.

In summary:

  1. UK leaves EU with a proper and well-structured withdrawal agreement that specifically provides for the continued flow of personal data – In this scenario the two-way flow of personal data will be clear and specific.
  2. UK leaves EU without a withdrawal agreement that specifically provides for the continued flow of personal data – This second option is the negative outcome of the negotiations and organisations impacted by this outcome need to be prepared, though not every organisation dealing with personal data of the EU citizens will be affected. For example:
  • Internal dealings with personal data inside the UK’s borders won’t change, as the Government has made clear that the GDPR will be absorbed into UK law at the point of exit, and it is expected that there will be no substantial change of the rules that most organisations need to follow. This legal Act was called the “UK GDPR”.
  • In case the data protection transfers take place outside of the UK’s borders:

– The UK Government has stated that it intends to permit data flow from the UK to EEA countries.

– However, transfers of personal information from the EEA to the UK will be affected.

In this context, the ICO has issued a broader guidance on the effects of leaving the EU without a withdrawal agreement in order to help the affected organisations in their preparations.

One of the Guidance’s general remarks is the fact that after Brexit, certain parts of the GDPR won’t be in force for the UK anymore. For example, those requirements mentioning the UK’s participation as a Member State of the EU will no longer be valid. At the same time, since it was already mentioned that the internal UK regime won’t change significantly, the figures of the data processor and the data controller will still be valid, however, when data processing is taking place outside of the UK or involves processing of personal data of UK citizens, the UK GDPR will be in force. This will be the case when goods and services are being offered to UK citizens from outside or when monitoring the behaviour of individuals takes place in the UK.

The full Guidance, issued from ICO, could be found HERE

Disclimer: The content of this article is intended to provide a general guide to the subject matter, it is not legal advice and should not be treated as one. Specialist advice should be sought about your specific circumstances.

54 thoughts on ““No Deal Brexit”: ICO and UK Government Issue Data Protection Guidance

  1. Leon Bierstedt says:

    Thanks for another magnificent post. Where else could anyone get that kind of information in such an ideal way of writing? I have a presentation next week, and I am on the look for such info.

  2. bitcoin 2014 crash chart says:

    The next time I learn a weblog, I hope that it doesnt disappoint me as much as this one. I imply, I do know it was my choice to learn, however I actually thought youd have one thing interesting to say. All I hear is a bunch of whining about one thing that you could fix in case you werent too busy in search of attention.

  3. cheap moving says:

    Hi , I do believe this is an excellent blog. I stumbled upon it on Yahoo , i will come back once again. Money and freedom is the best way to change, may you be rich and help other people.

  4. compare quotes says:

    Hi there! Someone in my Facebook group shared this website with us so I came to check it out. I’m definitely loving the information. I’m bookmarking and will be tweeting this to my followers! Outstanding blog and amazing design.

  5. clé perdue says:

    Nice read, I just passed this onto a friend who was doing a little research on that. And he actually bought me lunch as I found it for him smile Therefore let me rephrase that: Thanks for lunch!

  6. vurtil opmer says:

    Hi there! This post couldn’t be written any better! Reading through this post reminds me of my old room mate! He always kept chatting about this. I will forward this article to him. Fairly certain he will have a good read. Many thanks for sharing!

  7. landscaping Christiansburg says:

    Once I originally commented I clicked the -Notify me when new comments are added- checkbox and now each time a remark is added I get four emails with the identical comment. Is there any way you can remove me from that service? Thanks!

  8. buy p2 face mask says:

    I was just searching for this info for some time. After six hours of continuous Googleing, finally I got it in your web site. I wonder what is the lack of Google strategy that do not rank this type of informative web sites in top of the list. Generally the top sites are full of garbage.

Leave a Reply

Your email address will not be published.