A No-Deal Brexit threatens to inhibit the free transfer of data between the EU and the UK if the European Commission finds the UK data protection policies to be lacking.
While the UK remains inside the Union, other member states may freely transfer data to companies within the country, as its status as an EU-member guarantees its “adequate” data protection laws.
In the event of a No-Deal Brexit, however, the UK would leave the EU without any agreement as to its continuing data protection requirements. As such, allowing any data to be transferred to UK-based organisations would become more challenging, because—at the time of the UK’s withdrawal—the EU will not have officially determined that the UK “ensures an adequate level of protection” for data transfers and processing.
Therefore, until the EU makes an “adequacy assessment” of the UK’s data processing regulations, which can take months, or even years, personal data transferred from EU organisations to companies within the UK will be subject to the more stringent safeguarding procedures set out in Articles 46-49, unless the company meets the requirements for one of the stated exemptions.
All adequacy decisions are subject to their own review every four years, as a result of which the Commission can repeal, amend, or suspend previous decisions for jurisdictions no longer ensuring an adequate level of data protection.
Although GDPR will no longer be effective in the UK after Brexit, the Data Protection Act of 2018 will ensure that data transfers from the UK into the EU will remain unaffected even in the event of a No-Deal departure.
However, UK to US transfers will require stricter compliance in the US, requiring updated privacy policies and a continued commitment to maintain companies’ Privacy Shield certifications.
Organisations worldwide are therefore recommended to keep up to date with the changing standards of compliance, and to ensure that these are being met.
The post #Privacy: Changes to Data Protection Regulations in the event of a No-Deal Brexit appeared first on PrivSec Report.