A Brexit no-deal would obstruct the free flow of personal data from the European Union (EU) to the UK, the UK Government has warned, going on to urge its firms to proactively address potential disruptions.
The European Commission (EC) has said it will not agree to put in place, or enter discussions over, arrangements that would allow the continued flow of personal data from EU companies, including subsidiaries, to UK firms until the country leaves the bloc and becomes a third country.
In a series of technical guidance in preparation for a no-deal scenario between the EU and UK, the Department for Digital, Culture, Media and Sport said UK companies could continue to transfer personal data to companies or subsidiaries in the EU as before, but a reciprocal arrangement is less certain.
Stressing that it continues to believe a no-deal is unlikely come March 2019, the UK Government reiterated that the collection and use of personal data is regulated by the EU’s General Data Protection Regulation (GDPR). Under these rules, firms can only transfer personal data outside the EU where there is legal basis, while personal data can be transferred within EU countries without restriction.
“The legal framework governing transfers of personal data from organisations (or subsidiaries) established in the EU to organisations established in the UK would change on exit,” the government said.
“The UK would at the point of exit continue to allow the free flow of personal data from the UK to the EU. The UK would keep this under review,” it added.
The EC uses adequacy, or equivalence, decisions to grant the flow of personal data to countries outside the EU. This would also apply to the UK should it fail to broker a deal with the EU.
“The European Commission has stated that if it deems the UK’s level of personal data protection essentially equivalent to that of the EU, it would make an adequacy decision allowing the transfer of personal data to the UK without restrictions,” said the UK government.
Full article on Commercial Risk (subscription required)
© Commercial Risk Europe
Hover over the blue highlighted
text to view the acronym meaning
over these icons for more information
No Comments for this Article