What happens to General Data Protection Regulations (GDPR) if a no-deal Brexit takes place? The government has made it clear that GDPR will be absorbed into UK law at the point of exit, so what does this mean?
This means that there will be no substantive change to the rules that most organisations need to follow, however, some will need to have a plan in place, particularly if they use cloud services based within the EU.
Here are some questions you should be asking yourself as a company, ready for March 29th:
How do you store data?
Jonathan Bamford, director of strategic policy at the Information Commissioner’s Office, says that “Many organisations don’t realise that their cloud services are not based in the UK, and that could expose them to risk.”
It’s quite a common thing for contractors to switch storage services to a cloud provider outside the EU, without notifying the company at the time.
How do you transfer data?
Organisations that rely on transfers of personal data between the UK and the European Economic Area (EEA) will be the ones most affected by a no-deal Brexit.
If the UK leaves the EU without a withdrawal agreement that specifically allows for the continued flow of personal data, then this two-way free flow may be affected.
Potential solutions to this include putting standard contractual clauses (SCCs) in place with companies outside of the UK. There is a SCC generator online which can help companies formulate the text they need to comply.
Linda NiChualladh, head of privacy, legal at Citi, says “If you’re a global organisation, you have to have regard for how you transfer data within your organisation. It is not just about third-party data transfers, so you might have to look at whether your binding corporate rules stack up in the light of GDPR and Brexit.”
No-deal means a big change in the digital economy
Eduardo Ustaran, co-director of the global privacy and cybersecurity practice at legal firm Hogan Lovells says “A no-deal Brexit definitely means more bureaucracy, not less. And all of this at a time when UK data protection is already subject to GDPR rules and the scrutiny of the information commissioner anyway, so it is somewhat surreal that Brexit is affecting the freedom of movement of data between the EU and the UK at all. This is a clear example of how toxic a potential no-deal scenario has become and how it will impact the digital economy in the future.”
If you would like any professional advice on safe storage options or security methods, contact our IT experts on 01522 883636.