No-Deal Brexit – what impact will it have on cross-border transfers of personal data
With so much political uncertainty surrounding Brexit and what it might mean for the UK, businesses can be forgiven for assuming that they can do little to plan for it. However, in terms of data protection, there are a few important steps that a business can take to prepare. One of the most important of these steps relates to ensuring that cross-border transfers of personal data can continue in the event of a no-deal Brexit.
International Data Transfers
Transfers from the EEA to the UK
Irrespective of whether there is a no-deal Brexit or not, the GDPR will continue to apply in the UK in conjunction with, and subject to, the Data Protection Act 2018. However, this does not mean that nothing will change in relation to transfers of personal data from the EEA. This is because, unless a withdrawal agreement mandates otherwise (which, at least in the short term, seems unlikely), the UK post-Brexit will be considered a ‘third country.’
The result of the UK being a “third country” is that the GDPR’s general prohibition on the transfer of personal data from any country in the European Economic Area (“EEA”) will apply. As such, companies will need to rely on a GDPR compliant lawful transfer mechanism (e.g. the Standard Contractual Clauses) in order to permit the transfer of personal data from the EEA to the UK.
Transfers to the EEA from the UK
The UK government has confirmed that the UK will continue to allow the free flow of personal data from the UK to the EEA in the event of a no-deal Brexit (meaning that no lawful transfer mechanism is required in relation to these data flows).
Transfers from the UK to non-EEA countries
With respect to data transfers from the UK to non-EEA countries, the same law will continue to restrict those data transfers as is currently the case. So, in other words, the European Commission’s adequacy decisions will continue to apply and, with respect to non-adequate countries, companies will still need to rely on a valid lawful transfer mechanism to transfer personal data to those countries.
What to do now?
In the short term, no additional steps are required for data transfers from the UK. However, businesses should review this position carefully as the UK and EU data protection regimes may diverge post-Brexit. For example, there is no guidance on the approach the UK government will take if and when the European Commission grants further adequacy decisions, e.g. will the UK government automatically deem that country adequate or will it mandate that additional hurdles must also be met?
With regards to data transfers from the EEA to the UK, all UK businesses should consider if they are receiving personal data from organisations based in the EEA. For example, if UK companies acquire marketing lists from EU based organisations to assist them with promoting any of their products then they will need to ensure that this information is transferred to the UK lawfully. Whilst, pre-Brexit, it may not be proportionate to amend all existing contracts with EU based organisations, we would recommend that all businesses identify those data flows that are material to its operations (or include valuable or sensitive personal data) and ensure a lawful transfer mechanism is put in place for those data flows before the UK leaves the EU. The Information Commissioner’s Office has stressed that no business should presume that free flows of personal data from the EEA are guaranteed and so all businesses should plan accordingly.
For more information please contact Freddie Law on +44 (0)20 7427 6522 or at freddie.law@crsblaw.com.
Our thinking
Grégoire Uldry
New Swiss succession law on the transfer of businesses
On 10 June 2022, the Federal Council adopted its Message amending the Civil Code on the transfer of businesses by succession.
Joshua Green
Joshua Green writes for Spear's Magazine on Wagatha Christie’s lessons for HNWs
Wagatha Christie’s lessons for HNWs
Stephanie Bonnello
Stephanie Bonnello writes for the Practical Law Dispute Resolution blog on witness evidence
When are witness summaries permitted instead of witness statements and when should material be struck out from a witness statement?
Emma Humphreys
Emma Humphreys and Paul McCarthy write for Property Week on the new landlord digital ID checks
Emma Humphreys and Paul McCarthy write for Property Week on new landlord digital ID checks
Louise Paterson
Artnet quotes Louise Paterson on the Ivory Act
UK’s Ivory Act comes into force
Nick Hawkins
Nick Hawkins writes for Employment Law Journal on demystifying employment contracts
Key considerations for drafting effective post- termination restrictions
Pei Li Kew
Pei Li Kew writes for Pharmacy Business on the link between pharmacy and IP
Pei Li Kew writes for Pharmacy Business on the link between pharmacy and IP
Mark Howard
Charles Russell Speechlys advises Acora on its acquisition of Secrutiny
Charles Russell Speechlys advises Acora on its acquisition of Secrutiny
Jonathan McDonald
Jonathan McDonald provides comment for City AM on the Data Reform Bill announced in the Queen's Speech
Jonathan McDonald provides comment for City AM on the Data Reform Bill announced in the Queen's Speech
Nick White
Charles Russell Speechlys advises Symphony Holdings Limited on the sale of its PONY trade mark portfolio for USD $28 million
Charles Russell Speechlys advises Symphony Holdings Limited on the sale of its PONY trade mark portfolio for USD $28 million.
Simon Ridpath
Simon Ridpath featured in the Lawyer’s Hot 100 list
Simon Ridpath features in The Lawyer’s Hot 100 list
Natalie Batra
Patents and Peppa Pig: What is happening to intellectual property rights in Russia?
Certain Russian individuals and businesses can now use patents, utility models and industrial designs without obtaining prior permission.
Simon Green
International Bar Association quotes Simon Green on the future of the legal sector in Hong Kong
International Bar Association quote Simon Green on the future of Hong Kong's legal sector
Charlotte Duly
Charlotte Duly quoted in Retail Gazette on House of Zana trademark dispute
Charlotte Duly quoted in Retail Gazette on House of Zana trademark dispute
Keir Gordon
Charles Russell Speechlys celebrates this year’s Sports Technology Awards finalists
The Sports Technology Awards celebrates tech-led innovation in sports, globally.
Mark Hill
Mark Hill quoted in The Times on the Ed Sheeran High Court copyright case win
Mark Hill quoted in The Times on the Ed Sheeran High Court copyright case win
Caroline Greenwell
Nowhere to hide for greenwashing brands
In the UK, regulators are cracking down, with many companies now at risk of financial and other penalties.
Jamie Cartwright
Weighing up the Plastic Packaging Tax
The Plastic Packaging Tax came into force on 1 April 2022.
Jamie Cartwright
Crunching numbers - Mandatory calorie laws come into force
The Calorie Labelling (Out of Home Sector) (England) Regulations 2021 (the Regulations) are now in force.
Mark Hill
Mark Hill quoted in the Daily Mail discussing Ed Sheeran’s copyright court case win
Mark Hill quoted in the Daily Mail discussing Ed Sheeran’s copyright court case win