Did you know, free flow of personal data from the EU is not guaranteed according to the government’s No Deal Brexit planning document on data protection. Consequently organisations are advised to take action to ensure they will still be able receive data from Europe.
Brexit potentially affects all personal data exchanges between the European Economic Area (EEA) and the UK. This was stipulated by the European Commission consumer directorate in a Notice to Stakeholders issued on 9 January 2018. In this notice the European Commission advised stakeholders that cross-border data flows between the EU and the UK will not automatically have adequate safeguards anymore.
If the UK leaves the EU with no deal, there may not be a legal agreement in place right away on data flowing from the EU to the UK, according to the government’s No deal Brexit paper on data protection.
The paper said that there will be no changes to the UK’s own data protection standards, in line with the EU General Data Protection Regulation (GDPR) which was implemented in UK law via the Data Protection Bill in May 2018.
However, the government warns that the legal framework for transferring personal data from organisations in the EU to organisations in the UK would have to change when the country leaves the EU.
This means that although businesses will be able to continue to send personal data from the UK to the EU, and would “at the point of exit continue to allow the free flow of personal data from the UK to the EU”, it may not be the same the other way around.
The European Commission will have to make an adequacy decision on allowing the free flow of personal data to the UK, but the decision may not be made time for Brexit.
“If the European Commission does not make an adequacy decision regarding the UK at the point of exit and you want to receive personal data from organisations established in the EU (including data centres) then you should consider assisting your EU partners in identifying a legal basis for those transfers,” the paper said.
“For the majority of organisations, the most relevant alternative legal basis would be standard contractual clauses. These are model data protection clauses that have been approved by the European Commission and enable the free flow of personal data when embedded in a contract.”
For complimentary advice on how to ensure your organisation is correctly following data legislation with your paper records, contact us now.
SOURCE: Computer Weekly