Brexit Withdrawal Agreement Data Protection
Given the current situation, it is recommended that companies maintain RGPD, DPA and IRS compliance for the foreseeable future. These include the implementation of robust technical measures and procedures for the protection of personal data, detection and analysis of personal data breaches. “Business as usual” for the transition to data protection between the UK and the EU in 2020. The characteristics of data protection, both in the draft withdrawal agreement and in the framework of the political declaration, which reflect the importance of data protection rules for both the EU and the UK. There therefore appears to be a technical gap in the agreements reached under the withdrawal agreement. The international rules for the transfer of the RGPD do not concern the Member States, but the third countries, i.e. excluding the EEA, which will be the United Kingdom (even during the transitional period). This “gap” would mean that, during the transition period, organisations could be asked to take appropriate safeguards to legitimise the transfer of personal data from the EU to the UK. As of January 1, 2021, your organization must have another transfer mechanism, for example. B standard contractual clauses (CCS) with EU/EEA partners to ensure that you can legally transfer them. We advise you to check our data protection regularly at the end of the transition period to check for updates and new resources. During the transitional period, personal data can flow freely without additional restrictions between the EU/EEA and the UK (subject to compliance with the RGPD). In addition, there is no need for processing managers or subcontractors to be appointed in the United Kingdom for the duration of the transition period.
After leaving the EU, Article 44-50 of the RGPD regulates the flow of data with the UK as a third country (see our guide on Brexit and the RGPD). The UK Government stated that at the end of the transition period, data transfers from the UK to the EEA would be allowed. She says she will keep that up to date. The UK government intends to recognise the adequacy decisions taken by the European Commission before the end of the transition period. This will allow for continued limited transfers from the UK to most of the organisations, countries, territories or sectors covered by an EU adequacy decision. More information is available in our guidelines on international data transfers at the end of the transition period. Some managers of processing and subcontractors in the UK may be required to appoint representatives based in the EU from 1 January 2021. For more information, visit the OIC website or by phone at ICO-Helpline on 0303 123 1113 (open Monday to Friday). The prospect of a post-Brexit world, burdened by data flows between UK and European organisations, has long been alarmed. Both the UK and EU authorities have stated that they are committed to avoiding this scenario after the transition period and to ensuring a high level of data protection and the free flow of data. No, during the transitional period, you are not required to appoint a representative to the EEA. However, you may need to appoint a representative from the end of the transition period if you offer goods or services to individuals in the EEA or if you control the behaviour of individuals in the EEA.