Data Identification & Clustering
Quality & Integrity
Data Privacy & Security
Simulation & Automation
Retention & Retirement
Governance & Support
Feb 13, 2019
With the official referendum on June 23rd, 2016, resulting in an overall vote of 51.9% for the United Kingdom to leave the EU, it is expected to become a reality this year on March 29th by the British Government based on Article 50 Paragraph 1 of the General Treaty.
Many debates discuss whether a “hard Brexit”, meaning the rejection of close alignment including single market and customs union with the EU, would be the only possibility for the UK’s exit. However, in terms of GDPR the exit may trigger other factors.
Regardless of the cogitation whether a “hard Brexit” could be avoided through new negotiations, the parties must prepare for the coming scenario; a “hard Brexit” has conceivably broad data protection implications on dataflows, processes, and documentation.
Companies inside the EU that continue to operate in the UK as joint-ventures, or that have parts of their supply chain or IT-supported processes there (e.g., data centers, branches) or that must in any way continue to exchange data with the UK would be among the most affected.
Even if the solution is another negotiated exit, it would still have broad implications, as it is still not clear to what extent the UK would continue to comply with the guidelines of the EU General Data Protection Regulation (GDPR) or if an adequacy decision between the EU data privacy legislation and a new law for the UK would unfold.
As the 29thof March 2019 quickly approaches, so does the possibility of the UK becoming a “Third Country” after leaving the EU in matters concerning the GDPR.
Consequently, we can assume that entities in the EU transferring data into the UK will have to follow new rules on data privacy and will have to adapt the necessary documents.
With a team comprised by experienced data security experts and certified data security auditors, Natuvion can help you with the analysis of data flows with the UK and the adaptation of the data transfer directory and processing activities. We also answer legal questions regarding data transfers in doubtful third countries with the support of our partner, the legal office SKW Schwarz Munich.