Don’t panic, GDPR and no-deal Brexit

Brexit Conservative Party

As the UK government wrangles with the EU, the prospect of a no-deal Brexit once again looms, but does it have any consequences for GDPR?

The GDPR will be retained in domestic law at the end of the transition period, but the UK will have the independence to keep the framework under review. If we leave without an adequacy decision then further steps must be taken, with guidance here.

Thomas Page, global head of hotel & leisure group, partner, CMS, told us: “Things like GDPR policies will need to change if we exit without a deal, but without knowing what the new regime is, you cannot really decide what you need in a deal-less scenario. 

“I think most people will deal with it if and when it happens. Big data-heavy operators ought to have arrangements in place already to ensure that data can be transferred outside the EEA for their existing international operations outside the EEA, so the UK will just join the ranks of non-EEA countries. 

“But for those businesses who had set up ring-fenced European data servers to avoid transferring all data into the US, where those data servers were in the UK, they might need to think about moving their data out of the UK to another EEA country. 

“Mostly operators will need high levels of encryption and security because they have been targets for hackers. This high level of security may mean that they pass the EU’s tests for adequate safeguards, even if the country they are exporting to does not have adequate legal safeguards.”

Are you prepared? Take our poll.