Noticias de la Cámara
Brexit, Wa, & Data Protection | E-PDP
28/02/2019
Key points of the EU "Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community" (WA) include continued protection of Data under the umbrella of Regulation (EU) 2016/679, for processing of personal data & free movement of such data (GDPR), and Directive (EU) 2016/680 , for prevention, investigation etc of criminal offences etc (Article 71) provided data processed under Union Law in UK before end of transition period or processed in UK after transition period on the basis of a backed WA.
Brexit is proving to be a complex and rather untidy process. 12th to 14th March are key dates in Parliament (meaningful vote on Brexit deal by 12 March. If defeated again, a vote on 13 March on leaving with no deal and, if this is rejected, a vote on 14 March for an extension to the withdrawal period beyond 29 March 2019). Whether the revised WA is backed or not, whether the deadline for withdrawal is delayed or not, contingency planning for a ‘no deal scenario is vital for lawful transfers of data. Companies should review the data flows and transfer mechanisms in their business to make sure there will be no breach in their data operations if there is a no-deal Brexit (in particular where contracts include clauses where transfer of data outside of the EU is prohibited).
Companies need to mitigate risks with appropriate transfer mechanisms set out in the GDPR such as Binding Corporate Rules (BCRs), Standard Contractual Clauses (SCCs), certification and codes of conduct, data subject (explicit and renewed) post-Brexit consent. Companies will have to review which of the aforementioned safeguards are best suited to their needs, demonstrate their efforts to ensure compliance post-Brexit, and also review their privacy policies so that clients understand the movements of their personal data in and outside of the EU.
