With the deadline for Brexit looming, businesses must be aware of their obligations towards data and need to understand how the flow of their data might be affected by the result of a no deal. Here is a quick overview with some key points that must be addressed by businesses in order to prepare for a no deal scenario.
GDPR will continue to apply to the UK once it leaves the EU, GDPR will be incorporated into UK domestic law as part of the European Union Withdrawal Agreement and will continue to function alongside the Data Protection Act 2018.
However, the biggest challenge of the Brexit process is the prospect of leaving without a deal. The UK government has said that in the event of a ‘No Deal’, it would permit data to flow from the UK to countries in the European Economic Area (EEA); however, it has no control over the flow of data from the EEA to the UK. There will likely be an impact on this flow of information which will add additional workload and pressures to companies who share information across the UK border.
A ‘no deal’ Brexit will impact on the flow of information to and from the UK. Companies must consider alternatives to ensure compliance with GDPR
Every organisation that processes personal data, transfers such data, or has a group entity in the UK will need to put in place measures to ensure compliance.
The Information Commissioner’s Office (ICO), the UK regulator responsible for data protection enforcement, has issued advice to those organisations which rely on EEA data transfers, explaining that alternative transfer mechanisms may be required in the event of a no-deal Brexit. The European Data Protection Board, which replaced the Article 29 Working Party as part of GDPR and compromised representatives from each Member State’s data regulator, has published similar advice to European organisations.
Key steps to prepare for a no-deal
It’s imperative for businesses to understand how data flows within the business and through its third-party suppliers.
- Maintaining up-to-date records of processing and form a complete list of all data flows to and from the UK
- Identify and plan for alternative transfer mechanisms
- Review all data protection notices and amend where necessary. Consider notices that have a blanket statement such as ‘No personal data will be transferred out of the EU/EEA’.
- Consider updates required to Data Protection Impact Assessments
- Ensure only the correct people have access to data
Following the steps above, organisations can be better prepared to comply to the data regulations in the even of a no deal.View More Articles
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests
- 12th August 2019Is GDPR now being taken more seriously?
- 5th August 2019The financial impact of Subject Access Requests
- 1st August 2019DDC AS Launches SmartRedact
- 31st July 2019Don’t be blindsided by your organisations handling of data