ARTICLE
11 January 2019

United Kingdom Makes Data Protection Plans For ‘No Deal' Brexit

PC
Pearl Cohen Zedek Latzer Baratz

Contributor

Pearl Cohen Zedek Latzer Baratz logo
Pearl Cohen is an international law firm with offices in Israel, the United States, and the United Kingdom. Our strength is derived from decades of legal experience and an intimate knowledge of the cutting edge technological, legal, and transactional issues facing our clients in local and cross border matters. This combination of experience and knowledge allows us to provide sound and innovative advice to clients worldwide.
The Government of the United Kingdom has published guidance discussing the impact on UK data protection law if the UK leaves the EU without a deal on Brexit Day – March 29, 2019.
United Kingdom Privacy

The Government of the United Kingdom has published guidance discussing the impact on UK data protection law if the UK leaves the EU without a deal on Brexit Day – March 29, 2019. At the outset, the EU's GDPR will cease to apply in the UK on Brexit Day. Therefore, the UK plans that its EU (Withdrawal) Act of 2018 will include provisions that retain the GDPR in UK law.

In order to allow for seamless transfers of personal data from the UK to Europe, the UK will recognize the EU member states, Norway, Liechtenstein, Iceland and Gibraltar as 'adequate'. Contrarily, allowing personal data from the EU to flow to the UK requires a formal EU driven procedure, which the UK cannot control.

In order to preserve the other permissible data flows into the UK as they currently exist under the GDPR, the UK will also recognize the same territories that the EU Commission has recognized as adequate for data flows: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the Privacy Shield certified organizations in the U.S. The UK will similarly recognize the EU's Standard Contractual Clauses as well as Binding Corporate Rules that have already been approved prior to Brexit Day, so that UK organizations that transfer personal data on the basis of these EU recognized mechanisms, can continue to rely on them.

Finally, the UK's version of the GDPR will require that non-UK organizations that are subject to the UK GDPR appoint a local UK representative, similar to the EU's GDPR requirement for non-EU organizations to appoint an EU representative.

CLICK HERE to read the UK Government's Guidance on the data protection implications of a 'No Deal' Brexit.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More