Brexit may affect UK companies' GDPR obligations

The UK Information Commissioners' Office (ICO) has urged UK businesses to take steps to ensure they remain compliant with data protection laws if the nation leaves the EU without a Brexit deal.

Any UK businesses that share personal data with organisations in the European Economic Area will need to remain complaint with the EU's General Data Protection Regulation (GDPR) covering the transfer of data across borders.

In the event the UK leaves the EU in March without a formal Brexit deal in place, the UK will fall under the laws governing the transfer of data to companies from outside the EU. This may mean UK businesses are required to implement additional safeguards to remain compliant.

According to the ICO guidance, there will be no need for additional safeguards if the EU makes a formal decision that the UK data protection regime offers an adequate level of protection. But such a decision may not be in place by the planned March Brexit date.

The UK has already stated that it does not plan to restrict transfers of data from the UK to the EU.

The ICO has published a six-step checklist for companies' preparation for the UK's exit from the EU, which includes steps such as reviewing data flows to Europe, assessing how changes to the data protection regimes will apply to a company, and reviewing existing privacy information and internal documents.

Image credit: ©stock.adobe.com/au/Iakov Kalinin

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.