Posts Tagged ‘data transfer’

The effect of a no-deal Brexit on data transfers

Posted on: November 23rd, 2020

Following its exit from the European Union on 31 January 2020, the UK is now in a transitional period during which it had hoped to negotiate a new agreement with the EU to govern their future relationship. This transitional period is rapidly coming to an end and, at present, no agreement has been reached. The more time ticks by, the more it seems highly likely the UK will exit the EU without a withdrawal agreement and without any distinct framework to govern our future relationship with the EU. If your business is currently wrestling with the challenges involved in preparing for a no-deal Brexit, we hope this article will assist in summarising the future position in relation to data transfers and how you can best prepare.

Does this affect your business?

Your business will be affected by the change where it operates in both the EU and UK, and your business model is built on routinely transferring data between each entity.

What is changing?

Currently, as part of being in the EU, the law around personal data and the transfer of personal data is governed by the General Data Protection Regulation (‘GDPR’). The GDPR permits businesses in the UK to transfer data freely between EU Member states and back again. Whilst much of the GDPR will be retained in the UK post-Brexit, the impact of us leaving the EU is that the UK will be categorised as a ‘third country’ by the EU. The GDPR imposes restrictions on the transfer of personal data to a ‘third country’ and therefore, data will no longer be able to be freely transferred in the way it is currently.

Whilst the UK Government has stipulated that it does not intend to apply such restrictions on the transfer of personal data from the UK to the EU, the EU have not been so accommodating and have not granted a similar condition in respect of data transfers from the EU to the UK. What we do know is that the transfer of personal data from the EU to the UK will be allowed where it is covered by:

The UK is still hoping to agree an adequacy decision with the EU which would eradicate the need for businesses to implement other specific safeguards when transferring data between the EU and the UK. Any adequacy decision is unlikely to be reached swiftly and therefore it is advisable for businesses who operate in both the UK and EU to implement specific safeguards when dealing with the transfer of personal data.

What you need to do

If your business will be affected by this change, you may want to consider implementing one of the following safeguards to ensure any date transfer remains lawful:

Where you do not have any EU offices, branches or other establishments, but you still process data in the EU, for example by offering goods and services in the EU, you will need to appoint a representative in the EU who will be responsible for your EU GDPR compliance.

If you have any questions about the content of this article, the Commercial & IP Team at Coffin Mew would be happy to help so please do get in touch.

Scroll Up
Our priorities are people's health and looking after our clients. Please click here to find out the latest updates on Coffin Mew's coronavirus hub.