Brexit Is Here, so What Does That Mean for Data Privacy?

Written by: Richard Sheinis, Esq.

Now that the UK has a withdrawal agreement with the EU, what will this mean for data privacy for personal data in the UK, as well as for personal data that is transferred between the UK and other countries.  UK’s Information Commissioner’s Office (“ICO”) has provided some answers.  For the time being, during the transition period of 2020, the GDPR will continue to apply in the UK and no immediate action is necessary.  The ICO is advising that we should continue to follow existing guidance on the GDPR.

Negotiations during the transition period will determine what happens at the beginning of 2021.  The default position, according to the ICO, is that the GDPR will be brought into UK law as the “UK GDPR”.  We will see if negotiations during the transition period alter this default position.

The ICO states that you should be cautious of data transfers between the UK and the  EU after the transition period.  Such transfers will be viewed as “cross border data transfers”.  GDPR transfer rules will apply and safeguards need to be in place for personal data that flows from the EU into the UK.

These are just a few of the tips from the ICO regarding data privacy post – BREXIT.  The biggest takeaway is to maintain the status quo for 2020, and let’s see what data privacy changes are negotiated during the transition period.