GDPR guidance for a No-Deal Brexit…
The final countdown’s begun and there’s still a lot of uncertainty surrounding the ‘will we, won’t we’ question.
And, not only that, a multitude of other unanswered questions, including one that’s very specific…
In our pursuit to become a true island nation again, the big data protection conundrum on everyone’s lips is: where do we stand with the GDPR in the event of a no-deal Brexit?
So, let us reassure you.
In the words of Dad’s Army’s Lance Corporal Jones, someone who last fought for independence, the message is simple:
Don’t panic! DON’T PANIC!
Here are some insights and recommendations on how to handle it…
If we leave the EU, does that mean the GDPR no longer applies?
Not exactly. Whilst the GDPR is an EU directive, the importance of safeguarding people’s personal and sensitive data remains unchanged. How that is realised, though, depends on what other regulations and systems are in place.
It’s possible that we’d end up with an ‘adequacy decision’ – similar to the ‘Privacy Shield’ framework between the USA and EU – so that the way the UK currently regards the USA in terms of its data protection approaches and policies could become the way the EU regards the UK.
Although one of its purposes is to enable US companies registered with Privacy Shield to more easily receive personal data from EU entities (under EU privacy laws meant to protect European Union residents), it’s not necessarily reciprocated to the same standards. As such, Privacy Shield is deemed rather lax and contested by many, to the extent that it’s been challenged legally by privacy groups.
So it’s okay to become more relaxed about data protection?
Again, not really! The UK will still have the Data Protection Act 2018 to fall back on. And, there’s also a likelihood that the GDPR as we currently know it will be brought into legislation at some point, albeit under a different name.
What if we have data that’s controlled or processed within the EU?
Because it’s being processed within the EU, the GDPR will still stand. So, from a UK perspective, at least, we can be assured of the same stringent compliance regulations that we’ve (hopefully) been practising ourselves since it came into force in May 2018.
And what about if we still have customers in Europe whose data we control or process?
Until an adequacy decision is approved by the European Commission, we need to have secure measures in place, such as Standard Contractual Clauses. Otherwise, without such a guarantee, there’s the acute possibility that free movement of data between the UK and the EU could stop altogether – which wouldn’t be good!
Ideally, it would be nice to think that we’d continue to stick with best practice; after all, the EU will continue to take care of our data in the right way.
Don’t panic! But don’t ease up on your responsibilities either…
In a nutshell, data protection law still applies – why would you want anything other than that?! If you’ve been adhering to a high level of compliance, it makes sense to keep it up.
Nonetheless, if the prospect has all become a bit too much for you, we’re always on hand to offer some moral support and extra guidance. We can even help you map all your data so that you know exactly what information in your business flows between here and the EU.
Just get in touch with us in the usual way.
And, if all else fails and you’re still not sure how best to protect someone’s data, just get them to follow Captain Mainwaring’s advice.
As long as they don’t tell anyone their name, they should be fine.
Until next time...