What Will Happen To Data Transfers Post-Brexit?

There is a great deal of confusion across all industries about what will happen if the UK exits the EU without a deal in place on 29 March this year.

Out-Law recently pointed out that one area that could become more complicated is that of data transfers.

Following the introduction of GDPR legislation last May, new rules were put in place for data transfers between EU countries and third-party nations. When the UK leaves the EU, it will become a third-party nation if no other agreement is in place.

The European Data Protection Board (EDPB) recently set out a five-step plan for businesses to follow when transferring personal data in the event of a no-deal Brexit to ensure they remain compliant with GDPR.

Essentially this means that adequate safeguards are in place to protect EU data once it leaves and enters a third-party country. The five steps outlined by the EDPB start with “identifying what processing activities will imply a data transfer to the UK” and then deciding what the most appropriate instrument is for that transfer.

Making sure that this is in place ready for 30 March 2019 is essential, as well as updating internal documentation to reflect the fact that data transfers will be made to the UK. Firms transferring data from the EU to the UK will also need to update their privacy notices.

In a nutshell, the process of physically carrying out the data transfer is unlikely to change, because the UK should have a secure system in place as part of the EU. However, there is more paperwork that will go along with a data transfer to ensure GDPR compliance.

Earlier this month IT Pro Portal revealed that more UK businesses are worried about Brexit than they are about being compliant with GDPR, but naturally the two are linked.

If you need assistance with lab instruments telemarketing, contact us today.