September 23, 2023

Volume XIII, Number 266


September 22, 2023

Subscribe to Latest Legal News and Analysis

September 21, 2023

Subscribe to Latest Legal News and Analysis

Post-Brexit Data Protection – Where Are We Now?

After years of political squabble and delays, Brexit day finally arrived on 31 January 2020. But what does it mean when we talk about the UK’s withdrawal from the EU and how will data protection regulation and compliance change?

There will be little change during the transition (also known as “implementation”) period that is expected to end on 31 December 2020. During this period, EU law will continue to apply in the UK, including the EU General Data Protection Regulation (GDPR), after which the GDPR will be converted into UK law.

Assuming all goes to plan (which is almost impossible where Brexit is concerned), the UK will be a “third country” under the GDPR from 2021. What does this mean for data flows in and out of the UK?

  • The UK Government has acknowledged that it will recognise all EEA countries under its own adequacy ruling and incorporate all existing EU adequacy decisions. This will allow organisations within the EU to continue facilitate data transfers from the UK to these countries;

  • GDPR restrictions will apply to personal data being transferred into the UK unless the EU establishes that the UK is an “adequate” country. This will require the European Commission to assess and approve the UK for adequacy. This is unlikely to get across the line by this time and so organisations should ensure that they have implemented appropriate safeguards for inbound data transfers, such as adopting the EU’s standard contractual clauses in its arrangements with EU based entities; and

  • Organisations based in both the UK and the EU will need to update their privacy notices to reflect the change in status.

The UK Government has said that it plans to continue GDPR post the transition period and so organisations should maintain their compliance on that basis. However, if Brexit has taught us one thing, it’s that we can never be certain so watch this space!

Copyright 2023 K & L GatesNational Law Review, Volume X, Number 35

About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Senior Attorney

Ms. Aggromito is a senior lawyer in the lawyer in the Melbourne commercial technology and sourcing team focusing on IT, privacy and data protection.