Tag: Brexit

United Kingdom become a third country after Brexit

29. January 2018

Withdrawal of the United Kingdom from the Union and EU leads to United Kingdom become a third country.

The European Commission annouced, that on 30.03.2019, 00:00h (CET) the United Kingdom will no longer be member of the Union and EU, all Union and secondary law will cease to apply.

That means, tat all stakeholders processing personal data need to consider the legal repercussions of Brexit, beacuse as of the withdrawal date, the EU rules for transfer personal data to third countries apply. GDPR allows a transfer if the controller or processor provides appropriate safeguards.

Safeguards may be provided by:

  • Sandarad data protection clauses (SCC)
  • Binding corporate rules (BCR)
    • legally binding data protection rules approved by the competent data protection authority which apply within a corporate group
  • Condes of Conduct
    • Approved Codes of Conduct together with binding and enforceable commitments of the controller or processor in the third country
  • Certification mechanisms
    • Approved certification mechanisms together with binding and enforceable commitments of the controller or processor in the third country

Besides a transfer may take place based on consent, for the performance of a contract, for exercise of legal claims or for important reasons of public interest.

These procedures are already well-known to business operators beacuse they are uses today for the transfer of personal data to non EU-countries like the USA, Russia or China.

The decision is disappointing for everyone who were hoping for an adequate level of data protection in the United Kingdom.

Stakeholders should prepare for the requirements associated with recognition as a third country.

Category: EU Commission · European Union · GDPR · UK

Data Protection in the UK after the “Brexit”

4. April 2017

After the Brexit, keeping data by the UK companies and organizations is expected to become more certain locally than globally.

Elizabeth Denham, the UK’s Information Commissioner, recently commented before the House of Lords EU Home Affairs Sub-Committee, that the UK should apply to the European Commission for a full “adequacy” decision in terms of proving the adequate data protection measures as UK will become soon a non-EU country.

British government comments on the free trade deal with these words: “no deal for the UK is better than a bad deal for the UK”.

In the context of Brexit, it is crucial for the industry of the UK to keep the data-flows unhindered though.

British politician David Davis indicates that the UK and EU are now on their way to find and maintain equivalence (and not identity) in their relations (especially when it comes to business) in order to keep up their common interest.

Even though Davis is not using the “adequacy” term in his speech, this is what the UK technology industry is asking for.

Government assures that if no accord in that matter will be reached, there are still many alternatives to adequacy.

Category: UK
Tags: ,

UK Data Protection Commissioner speaks about “Brexit” and the GDPR

5. October 2016

Last week, Elizabeth Denham, held her first speech as UK Information Commissioner (ICO). In this speech she referred, amongst others, to the effects of the Brexit with regard to the application of the GDPR.

Denham remarked that the GDPR involves the modernization of European Data Protection and the necessity of these new rules in order to ensure cross-border commerce and the protection of individuals. As the GDPR may be applicable before the UK has left the EU, she ensured that the ICO will keep on providing guidance and advice on the GDPR.

Furthermore, she stated that even after the UK has formally left the EU, flows of personal information will be still necessary, so that the level of data protection in the UK should be essentially equivalent to the one in the EU. Therefore, she encourages businesses to improve and adapt their practices to the GDPR.

Category: GDPR · UK
Tags: , ,