Last week, European Data Protection Authorities and the European Data Protection Supervisor met in the European Data Protection Board to discuss a wide range of topics on the challenges ahead in the data protection landscape.
Transfers of personal data between EEA (European Economic Area) financial supervisory authorities and non-EU counterparts was among issues on the table, with focus falling on businesses’ and public authorities’ data transfers under the GDPR in the event of a no-deal Brexit.
The EDPB confirmed that a no-deal scenario will render the UK a third-country on from 00:00 CET on 30th March 2019.
As such, the transfer of personal data from the EEA to the UK will have to be based on one of the following instruments:
Standard or ad hoc Data Protection Clauses
Binding Corporate Rules
Codes of Conduct and Certification Mechanisms and the specific transfer instruments available to public authorities.
In the absence of Standard Data Protection Clauses or other alternative appropriate safeguards, derogations can be used under certain conditions.
Regarding data flows from the UK to the EEA, according to the UK government, the current practice of allowing personal data to flow freely from the UK to the EEA will continue in the event of a no-deal Brexit.
Understanding data protection under Brexit
While the government is still aiming to deliver a negotiated deal with the EU, a no-deal scenario seems very possible.
If your organisation transfers data between the EEA and the UK, you need to ensure that the necessary practices and processes are in place to provision compliant data handling, no matter what the political fallout post-March 29th.
Brexit Briefing by Data Protection World Forum
Executives, IT leaders and business owners can get the understanding they need at Brexit Briefing by Data Protection World Forum, coming to central London on 6th March 2019.
Featuring an in-depth agenda on all the key issues, Brexit Briefing brings together experts, official figures and leading commentators in data protection, to bring clarity on Brexit’s implications for compliant business continuity.
Delegates from organisations of all sizes can obtain the guidance, information and specialist advice they need on all data protection concerns.
Ivana Bartoletti, Head of Privacy and Data Protection at Gemserv will be among the experts speaking at Brexit Briefing.
“As discussions in Parliament are still ongoing, it is important for businesses to prepare for any possible scenario, including a no deal. The Information Commissioner Office has published some very detailed advice and the event will help organisations digest them, understand how Brexit will impact their data sharing arrangements and gain practical knowledge of how to ensure business continuity.”
Also speaking, Eleonor Duhs, Director of Technology, Outsourcing and Privacy at Fieldfisher, says:
“The UK’s withdrawal from the European Union will mark the start of what looks to be a protracted period of uncertainty. This session will consider where we are now, the likely pressure points in future negotiations and the possible shape of the UK’s relationship with the European Union in the years to come.”
Brexit Briefing gives organisations a timely opportunity to get on top of the issues that matter, so that preparations can be made to negotiate future challenges with confidence and data law compliance.
GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/
comments powered by Disqus