What Will Brexit Mean for GDPR and My Business?

What Will Brexit Mean for GDPR and My Business?

DECEMBER 1, 2018

The prospect of Brexit creates major uncertainty in many areas of life and business, not least when it comes to the question of the data that you hold in your business and how you comply with data protection requirements and GDPR.

What will Brexit mean for the data you hold in your business and what will happen at the end of March when the UK leaves the EU?

The answer, unfortunately like so many aspects of Brexit, is uncertain, and will depend on how events unfold in a situation that is changing constantly and rapidly.

At the time of writing a Withdrawal Agreement has been negotiated between the EU and the UK along with a Political Declaration on the future relationship between the parties. The Withdrawal Agreement is here and the Political Declaration is here. There is also an explainer document here.

This Withdrawal Agreement has been accepted by the EU members states and the UK government, but it has not yet been accepted by the UK parliament and its prospects of doing so are the subject of enormous uncertainty and speculation. We will just have to wait to see what happens on that.

What will it mean for your business if the Withdrawal Agreement between the EU and the UK is confirmed and the UK leaves the EU on this basis?

Well, the Withdrawal Agreement deals with data protection and GDPR issues quite specifically and provides clarity in these areas. Articles 70 to 74 of the Withdrawal Agreement in particular deal with data protection and data security of pages 127 – 131.

Article 71 essentially states that the EU’s GDPR will continue to apply in the UK for the duration of the transition period provided for in the Withdrawal Agreement. The transition period is to apply up to 31 December 2020 and may be extended.

If this were adopted, it would allow data to continue to flow freely between the EU and the UK on the basis that the UK will continue to adhere to the GDPR during the transitionary arrangements. And it would seem reasonable to assume based on what is outlined in the Political Declaration that the transition period should enable arrangements to be put in place so that a finding of adequacy to be made by end of the transition period so that data can continue to flow freely thereafter.

Something that is not mentioned specifically in the Withdrawal Agreement and that will have to be clarified as events unfold, is the status of UK based data controllers for the purposes of compliance with Article 27 of the GDPR. At present, the UK is a member state of the EU and data controllers established in the UK are, by definition, established in the EU.

However, after the UK leaves the EU, UK based data controllers holding data on people in the EU who do not have any establishment in another member state of the EU, will not be established in the EU for the purposes of the GDPR and will presumably have to appoint a representative in the EU pursuant to Article 27 of the GDPR in order to be compliant.

Whatever about the uncertainties of Brexit, the one thing that’s for sure is that our Brexit Business Data Survival Guide will help you to understand what you can do to prepare your business whatever happens.


flor mccarthy

Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers. He is certified by the Law Society of Ireland in Data Protection Practice and lectures lawyers on data protection practice and compliance. He is managing partner of a multi award winning niche legal practice. He has been in private practice for over 20 years and has been elected by his peers to sit on the exclusive Council of the Law Society of Ireland, the governing body for Irish lawyers.

If you process data on EU or UK data subjects and appreciate that compliance with the GDPR is essential for risk management, data-security and customer-confidence in your international business and you feel that you are a good fit for our EU representative services please click the button below to schedule a free call with us today. Assigning an EU or UK representative for your business is a straightforward process and we’ll be happy to talk you through it.

During the call we’ll answer any questions you may have and we’ll go through our service in full detail so that you have a complete understanding of our solution and how it can benefit your business. We look forward to speaking with you.

Flor McCarthy

Flor McCarthy is one of Ireland’s leading lawyers and a recognised expert in marketing. He has particular expertise and hands-on practical experience in privacy, data protection and GDPR issues for marketers.


You May Also Be Interested In