With Brexit day approaching, many organisations are asking for help preparing a Brexit Data Response Plan in case of a no-deal Brexit. Based on the data protection guidelines provided by the ICO and DCMS, some of the main pros and cons of Brexit are listed below, along with the effect of a deal or no deal.
What will remain the same?
- Businesses should continue to maintain compliance with the principles of GDPR through UK law.
- Both PECR and NIS will apply after Brexit.
- The UK will keep following adequacy decisions regarding the EU/EEA and third countries to protect data flows outside the EU.
- Data transfers to the US will still be protected by the EU-US Privacy Shield, which defines specific commitments between the UK and the US; these are also provided on the website of the US government.
- Binding corporate rules (BCRs) are recognised and will keep working as they did before Brexit.
What are the changes?
- Organisations dealing with the UK from outside may need to appoint a representative in the UK if they are dealing with personal data of UK citizens. The same goes for organisations in the UK if they are dealing with any country outside the UK.
- After Brexit, the UK is considered a third country by EU countries, and adequacy decisions laid down by the EU Commission will not be applicable in that case. Appropriate safeguards, e.g. SCCs between the UK and other countries, should be in place for data transfers.
- Existing BCRs may not apply when transferring data from the EEA to the UK because the ICO, not the EU authorities, certifies binding corporate rules in the scope of data protection.