24 September 2018

One of the issues addressed in the Government’s recent series of papers on a “no deal Brexit” is that of personal data.

In the notice “Data protection if there’s no Brexit deal”, the Government sets out how the collection and use of personal data would change if the UK leaves the EU in March 2019 with no agreement in place with the Union.

Available at https://bit.ly/2MnG2eQ, its key message is that there would be no immediate change in the UK’s own data protection standards, as the Data Protection Act 2018 would remain in place and the EU Withdrawal Act would incorporate the General Data Protection Regulation (GDPR) into UK law.

However, the legal framework governing transfers of personal data from organisations (or subsidiaries) established in the EU to organisations established in the UK would change — and action would be required by individual businesses to make sure that EU organisations could continue sending them personal data.

Commenting on the notice Julian David, the CEO of techUK, said that it shows how damaging leaving without a deal would be to the UK.

Describing it as a textbook example of the problems that a no deal Brexit would cause, Mr David warned that despite the British Government’s willingness to seek an adequacy decision it would not be ready before the UK left.

The Government is unable to help UK companies seeking to transfer data from the EU to the UK, he warned, and businesses here will instead have to rely on complex processes such as Standard Contractual Clauses (SCCs).

“While this is out of the UK Government’s control, businesses need to be aware of this fact and it is, therefore, disappointing that it is not recognised in the technical notice,” he added.