Data Protection if there is no EU Exit deal
- Leaving the EU with a deal remains the Government’s top priority; this has not changed.
- The Government has accelerated ‘no deal’ preparations to ensure the country is prepared for every eventuality – it is the responsible thing to.
- In the event that the UK leaves the EU on 29 March 2019 without a deal, UK businesses will need to ensure they continue to be compliant with data
- protection law.
- The General Data Protection Regulation (GDPR) will be brought into UK law, meaning that current GDPR standards and existing guidance will continue
- to apply to businesses operating within the UK.
- The GDPR contains additional rules to protect data that is transferred outside the EEA (known as restricted transfers). From 29 March 2019, if there is
- ‘no deal’, these rules will apply to data transferred from the EEA to the UK.
- The rules on transferring data to a non-EEA state are simpler if the European Commission has decided that data is adequately protected in that state. If
- the UK exits without a deal on 29 March 2019, we do not expect the European Commission to issue an adequacy decision in time. This means that UK
- businesses must act now to comply with the GDPR rules on international transfers if they are transferring personal data across borders.
- The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore, businesses will be able to
- send data to the EEA as they do currently. However, businesses will need to update their documentation and privacy notices as appropriate