What is the framework for data protection during the Brexit transition period? What will be the situation after the transition period? Our Lexing UK correspondent tells you what you need to know about Brexit and personal data.
Brexit: where do we stand?
In the referendum of 23 June 2016, the British people voted 51.9% in favour of leaving the European Union.
The United Kingdom left the European Union on 31 January 2020, after 47 years of EU membership. In accordance with the Withdrawal Agreement, it is now officially a third country to the EU. The EU and the UK have, however, jointly agreed on a transition period, which will last until 31 December 2020.
During this period, the EU and the UK are negotiating on a new partnership, which will define the future relationship between the EU and the UK. Negotiations are currently still ongoing.
What are the consequences for personal data?
The end of the Brexit transition period is fast approaching. From a data protection perspective, this means that companies doing business with the UK will need to reassess their compliance position in relation to personal data flows to, or from the EU, and adjust as necessary.
Our Lexing UK correspondent provides an insight into the impact of Brexit on data protection and privacy and summarises the short, medium and long term considerations companies should be aware of.
As a taster, some of the topics we cover are:
- -What the status of GDPR will be after 31 December 2020?
- -What is the default position should there be no negotiated position on day one, and what contractual adjustments should be considered?
- -How to assess current contracts for international data transfers after the end of the transition period, with or without, a European Commission Adequacy Decision?
- -Will British companies need to appoint a representative based in the EEA?
Some recommended actions that can be taken now to make the transition as seamless as possible:
- -Ensure you are currently in compliance with GDPR.
- -Review your contractual documents with partners to check for provisions which prohibit processing outside of the EEA.
- -Assess your data flows and identify whether, following the transition period, you will be transferring data to the UK from the EEA or from the UK to the EEA.
- -Consider whether your data protection documentation, such as privacy notices, need updating to reflect the UK’s departure from the EU.
- -Get assistance from a data protection lawyer to develop and implement your strategy.