What does no Brexit deal mean for data protection?

The ICO has prepared a guide accessible on its website outlining the key points to be considered by UK-based entities should the UK exit the European Union without a deal on 29 March 2019.

The Guidance, highlights of which are illustrated below, is relevant to UK-based businesses to which the GDPR currently applies and that send personal data outside the UK, receive personal data from the EEA, or receive personal data from adequacy decision countries.

The laws regulated by the ICO which will be affected by a no-deal Brexit include:

  1. The GDPR: Once the United Kingdom leaves the European Union, the General Data Protection Regulation will no longer be part of UK law. The Brexit Withdrawal Agreement, however, includes the writing of the GDPR into UK law, amending it for the UK GDPR. The UK GDPR will apply to processors and controllers based outside the UK when processing relates to the offering of goods and services to data subjects located in the UK and in relation to the monitoring of the behaviour of individuals that takes place in the UK.
  2. The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and the upcoming e-Privacy Regulation
  3. Network and Information Systems Regulations 2018 (NIS)
  4. Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS)
  5. The Data Protection Act 2018, which came into force at the same time as the GDPR.

The ICO recommends that UK businesses and organisations pay particular attention to these laws that are regulated by the ICO, particularly for what concerns:

If you or your business deal with UK or EEA data transfers, you can find more specific guidance in the ICO’s complete guide here.
