Brexit and the protection of personal data
Although 17th October 2019 has seen the publication of the draft text of a revised Protocol on Ireland/ Northern Ireland to the 2018 "Brexit" Withdrawal Agreement, leading to hopes that, if Brexit takes place, it will be a "with a deal " rather than on a "no deal" basis, it would still be wise to prepare for a "no deal" Brexit.
In keeping with the almost daily "Get ready for Brexit" alerts that the UK Government has been issuing in order to encourage individuals and businesses to prepare for a "no deal" Brexit, the Government drew attention in its alert of 17th October 2019 to the need to prepare for Brexit " if your business...receives personal data".
There is plenty of sensible advice about personal data protection on the Government website - at gov.uk/brexit - which in turn refers to helpful advice on this subject on the Information Commissioner's website - at ico.org.uk.
The key message seems to be that effectively the General Data Protection Regulation (GDPR) will continue to apply post-Brexit by way of incorporation into UK law and that businesses would be well advised to review their contracts if they wish to continue receiving personal data from within the EEA post - Brexit "and include Standard Contractual Clauses (SCC) or other legal safeguards where necessary". The UK Government guidance goes on to say:-
"Organisations that are part of a multinational group may be able to rely on binding corporate rules ...(BCRs) to transfer personal data within their group."
In relation to personal data that may be sent from the UK to the EEA post-Brexit, the UK Government is of the view that no special steps need to be taken by UK businesses from a UK legal perspective. The UK Government comments, in its general guidance published on 6th February 2019 :-
"UK organisations will still be able to legally send personal data from the UK to the EEA and 13 countries ...deemed adequate by the EU."
The protection of personal data is clearly a matter of fundamental importance in the modern world - where cyber security is a huge issue.
The UK Government is highlighting the concerns but is clearly determined to demystify the solutions.
