The Government has published its plans to ensure the UK data protection framework continues to operate effectively in the event of a no-deal Brexit.
It's the intention of the Government to use its regulation-making amend the GDPR and Data Protection Act 2018 regulations to:
- Preserve EU GDPR standards in domestic law;
- Transitionally recognise all EEA countries (including EU Member States) and Gibraltar as ‘adequate’ to allow data flows from the UK to Europe to continue;
- Preserve the effect of existing EU adequacy decisions on a transitional basis;
- Recognise EU Standard Contractual Clauses in UK law and give the ICO the power to issue new clauses;
- Recognise Binding Corporate Rules authorised before Exit day;
- Maintain the extraterritorial scope of the UK data protection framework; and
- Oblige non-UK controllers who are subject to the UK data protection framework to appoint representatives in the UK if they are processing UK data on a large scale.
Further details will be published over the next few weeks.
At Markel Law we regularly comment on SME related matters.
Follow this link to find out more about Markel Law and how we can assist your business.
This notice provides more detail about how our data protection law will work in the unlikely event the UK leaves the EU without a deal. The EU (Withdrawal) Act 2018 (EUWA) retains the GDPR in UK law. The fundamental principles, obligations and rights that organisations and data subjects have become familiar with will stay the same.