Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Karthyaeni Vittala
    • Tina Cowen
    • D A T Green
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Tony Curzon-Price
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina James
    • Maria Constantin
    • Sophia Yakhno
    • Rachael Machado
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

Brexit and the GDPR: “Deal” or ‘No Deal’

October 17, 2019By Preiskel & Co

As currently being announced in the press, an amended draft text for a Brexit Withdrawal Agreement has been agreed between the UK and the European Union. Next is the vote by Parliament this weekend, where it is far from certain that the proposed bill will receive the majority support necessary to progress through the legislature.

What happens if there is a successful Withdrawal Agreement?

There is an increasing chance that the amended Withdrawal Agreement as published 17 October 2019 (with amendments to replace the backstop) may be approved by Parliament and there could be enough time for the legislation to pass prior to the 31 October 2019. If this is the case and the Withdrawal Agreement is brought into law, there is likely to be a transition period. During that time the GDPR will continue to apply in the UK. However, at the end of the transition period, the default position is the same as a no-deal Brexit, though there may be further adjustments depending on what agreements are made during the transition period.

What happens in the event of Brexit and no deal?

If there is a ‘no deal’ Brexit, under the European Union (Withdrawal) Act 2018, the General Data Protection Regulation (GDPR) will be retained as domestic UK law (UKGDPR).

Currently, GDPR regulates the transfer of personal data outside the European Economic Area (EEA) known as ‘restricted transfers’, and companies should already have arrangements in place covering such data transfers.

Post-Brexit there will be a further two considerations. First, since the GDPR will become domestic UK law, how to remain compliant if a data transfer from the UK outwards now becomes a restricted transfer. Secondly, how can a company continue to receive personal data from outside the UK, even if it is from an EEA country.

  1. UK outwards transfer post Brexit

As the UKGDPR will apply, it will be similar to the requirements that currently apply to restricted transfers outside the EEA. The main options to remain compliant are having an adequacy decision, or inserting an appropriate safeguard (i.e. the standard contractual clauses into the data transfer agreement).

The UK government has announced that they intend to recognise the EU adequacy decisions made by the European Commission prior to the exit date. The UK government has also stated that with Brexit, transfers of data from the UK to the EEA will be permitted and will be kept under review.

Companies should identify where it is necessary to put in place appropriate safeguards, or where they will be covered by the current EU, and prospective UK adequacy decisions.

  1. Receiving transfers into the UK

The established EU GDPR will continue to apply to current EEA senders of personal data, and a UK entity may be considered in receipt of a restrictive transfer of personal data if they act as a data controller or a processor located in the UK.

The European Commission has not confirmed that an adequacy decision will be extended to the UK post-Brexit. This means that an EEA sender should put into place appropriate safeguards, which are the standard contractual clauses.

Transfers from countries with EU Commission adequacy decisions will have individual national legislative restrictions on transferring personal data outside the EEA. These national restrictions will need to be complied with after the UK leaves the EU.

Summary

Though there may yet be a deal agreed between the UK and the EU, the UK Government’s ‘no deal’ technical note regarding data protection will remain relevant for any possible transition period.

To prepare, it is recommended to have a thorough understanding of where personal data is transferred during the course of business. Companies should identify where it is necessary to put in place appropriate safeguards in the form of the standard contractual clauses. Should the personal data be received from a country currently covered by an EU Commission adequacy decision, this should be kept under review with the understanding that each country may require differing safeguards.

Please contact Jose Saras and Joanna Coombs-Huang if you have any questions relating to data transfers post Brexit.

Latest Preiskel & Co blog posts
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data
    March 28, 2023
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets
    March 22, 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape
    March 22, 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill
    March 17, 2023
  • Stormy weather for cloud computing in the EU
    March 16, 2023
  • Inmarsat Takeover Provisionally Cleared for Take-Off
    March 10, 2023
  • EDPB’s Feedback on the New EU-U.S. Data Privacy Framework
    March 6, 2023
  • UK Data Reform Bill to return to the House of Commons
    March 3, 2023
  • DCMS Publishes New Security and Privacy Principles for App Store Operators and Developers
    February 16, 2023
  • DPO’s Dismissal & Conflicts of Interest Under The EU GDPR – CJEU Ruling
    February 14, 2023
  • ICO – Change of Deadline for Reporting Breach Notifications for Communication Service Providers
    February 6, 2023
  • General EU Requirements for Cookie Banners – EDPB Task Force Report
    January 27, 2023

The Preiskel Blog

  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data 28 Mar 2023
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets 22 Mar 2023
  • Brussels Conference brings in industry leaders to discuss the international antitrust landscape 22 Mar 2023
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill 17 Mar 2023

Preiskel news

  • Senior Partner, Danny Preiskel, quoted by IT Pro on the costs incurred by MNOs
  • Senior Partner, Danny Preiskel, will be a panellist at GCCM Carrier Community 2023 on IOT
  • Jose Saras and Xavier Prida Awarded First Place as Data Protection Thought Leaders in the UK
  • Ronnie Preiskel chosen to judge 24 May 2023 The Tech Capital Global Awards
Preiskel tweets
  • Advocate General Opinion on Automated Credit-Scoring & Retention of Insolvency Data. Find out more here: https://t.co/bJkvPBvj6F2 hours ago
  • Issues in the UK’s forthcoming Digital Markets, Competition and Consumer Bill. Find out more: https://t.co/3BHP1xq69Y5 days ago
  • White House’s Economic Report of the President sets out a roadmap to improve competition in digital markets. Find o… https://t.co/S7J7sX3kfs6 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2023 | Site map | Legal notices | Cookie Policy | Privacy