Blog
GDPR and Brexit: the draft withdrawal agreement and data transfers from the EU
Andrew Solomon
With the UK due to leave the EU on 29 March 2019, UK Parliament is working towards creating new regulations to ensure that the UK’s data protection standards will be equivalent to EU law post-Brexit. The UK would use this as the basis for securing an adequacy decision from the European Commission meaning that our legal framework is deemed to provide adequate protection for individuals’ rights and freedoms over their personal data. As discussed in our previous blog, this would facilitate cross-border transfers of personal data and business continuity as the UK aims to trade with the single market on equal terms.
The GDPR is an EU regulation and will technically no longer apply in the UK (in its current guise) after Brexit if we leave the EU without a deal. On 19 December 2018, UK Parliament published new draft regulations called The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 with the core objective of creating a version of GDPR that works in a UK-only context rather than across the EU as a whole. The new regulations will only come into effect on 29 March 2019 if approved by the UK Parliament.
The new regulations would achieve this by amending the Data Protection Act 2018 (“DPA 2018”) which tailors and implements GDPR into UK domestic law. Technical amendments would include removing references to the UK’s participation as a Member State of the EU. This is important because GDPR (as modified) will continue to be effective in the UK after Brexit due to the European Union (Withdrawal) Act 2018. In practice, this means that the UK data protection regime will operate with little change to the data protection principles, rights and obligations set out in GDPR even if we leave the EU without a deal.
According to the government, data transfers from the UK to the EEA will not be restricted after Brexit. If the UK leaves the EU without an adequacy decision or a Brexit deal the DPA 2018 will remain in place together with GDPR standards which apply to data coming from the EEA into the UK. It is important to note that there is no guarantee that the adoption of the new regulations will facilitate an adequacy decision.
With this in mind, you should consider no deal and no adequacy decision contingency planning in accordance with the ICO’s guidance for appropriate safeguards, for example entering into standard contractual clauses as between the sender and recipient of the personal data. If you are a multinational corporation reliant upon binding corporate rules for making transfers into and out of the UK, you will need to update these to reflect the fact that, under the EU GDPR, the UK becomes a third country on exit date. As noted in the ICO guidance, if as a result of Brexit you will be making transfers of personal data from the UK that will become restricted transfers (e.g. transfers between the UK and the EEA which were previously permitted as transfers between EU Member States), you should update your documentation and privacy notice to expressly cover those transfers.
Should you have any Brexit, GDPR or data protection queries, please contact Kingsley Napley’s Brexit or Data Protection teams.
In this webinar series, Ilda de Sousa, Partner in our Immigration Team discusses the challenges that a post no deal Brexit will have on UK based lawyers working in France, Italy, Ireland, Netherlands, Belgium, Spain and Luxembourg.
Watch the webinar seriesMarcia Longdon, Partner in our Immigration Team, speaks to immigration experts from France, Spain, Germany and Italy about the changes in immigration law for UK nationals.
Watch the webinar seriesAfter leaving the EU on 31 January 2020, the UK is now in a transition period. We discuss what this means for people moving to and from the UK, and what the UK's immigration system may look like after the transition period. 31 January 2020
READ MOREAs the UK will leave the EU tonight at 11pm when we'll move into a transition period, Kim Vowden discusses what happens next for EU citizens arriving in the UK or those thinking of moving here. 31 January 2020
WATCH OUR SHORT VIDEOA simple chart showing what will happen to EU citizens living in the UK if there's a deal or if there's no deal.
5 September 2019
READ MORE29 August 2019
Read more9 May 2019
READ MORE1 February 2019
Read News Item29 January 2019
READ MORE19 September 2018
Read the blog31 August 2018
Read the blog9 August 2018
Read the blog30 July 2018 - Hanging over this year’s Tour de France, at least for this British cycling fan, was the realisation that this is probably the last Tour pre-Brexit, and so there is an additional level of uncertainty about what the 2019 post-Brexit edition will look like.
Read the blog16 July 2018 - A question you may ponder as you relax on that sunlounger in the weeks ahead is whether you need to review your arrangements for any EU based property in light of Brexit.
Read the blog9 July 2018 - Two Solicitor friends of mine recently asked me to sign their applications to register with the Law Society of Ireland. I asked them if they were thinking of moving.
Read Blog Post18 June 2018
View Tweet29 March 2018 - As avid golfers focus their attention on the US Masters in Augusta Georgia next month, many at the 19th Hole will be pondering the impact of Brexit on their beloved game.
Read the blog22 March 2018 - The House of Commons Library published a Briefing Paper on 7 March 2018 outlining the language testing requirements imposed upon healthcare professionals who qualified outside of the UK.
Read Blog Post5 March 2018 - The UK is home to a myriad of sports employing foreign nationals and receiving investments from overseas companies. Learn how Brexit will impact horse racing and all who are part of it.
Read Blog Post21 March 2018 - The UK is home to a myriad of sports employing foreign nationals and receiving investments from overseas companies. Learn how Brexit will impact motor racing and all who are part of it.
Read Blog Post17 April 2018
View Tweet10 July 2018 - No sooner are we one year into the new regime under the Money Laundering Regulations 2017 than a further EU instrument has been adopted.
Read Blog PostWe welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.
Andrew Solomon
Skip to content Home About Us Insights Services Contact Accessibility
Share insightLinkedIn Twitter Facebook Email to a friend Print