No deal Brexit means third country data status for UK

Minister Breen addresses Data Protection Conference, clarifies EU position on no deal implications
Pro
Minster for Data Protection Pat Breen addresses the 2019 Data Protection Conference (Image: ICS)

25 January 2019

In the event of a no-deal Brexit, the European Union has made it clear that there will be no interim adequacy decision for the UK, meaning personal data transfers will be affected.

Addressing the eleventh annual data protection conference in Croke Park, Minister for Data Protection, Pat Breen, said that it was is clear that a “no-deal Brexit” would have a profound effect on how personal data is transmitted into the UK from the EU.

“In the event of a ‘no-deal’ Brexit,” said Minister Breen, “the European Commission has clarified that no contingency measures, such as an ‘interim’ adequacy decision, are foreseen.”

‘This means that data transfers to the UK in the event of a ‘no-deal’ Brexit must initially rely on alternative mechanisms other than an adequacy decision, as set out in the GDPR.”

“Flows of personal data to and from the UK are essential to business. In the absence of a withdrawal agreement, the UK will become a third country on leaving the EU and personal data transfers cannot continue as before,” said the minister.

Minister Breen said data transfers to the UK in the event of a ‘no-deal’ Brexit, would have to initially rely on alternative mechanisms other than an adequacy decision, as set out in the General Data Protection Regulations (GDPR).

He pointed out that the European Commission has approved Standard Contractual Clauses that can be inserted into contracts to ensure the application of European data protection principles.

“A corporate group can apply legally binding corporate data protection rules once approved by the competent data protection authority,” said the minister.

“Codes of Conduct and Certifications can be used to demonstrate compliance with the GDPR, once approved by a data protection authority and the European Data Protection Board (EDPB).”

“It is up to you to decide which of these is most suited to the kinds of data transfers in which your organisation is engaged,” the minister warned. “The GDPR also provides for derogations for specific situations in the absence of the kinds of safeguards that I just mentioned.”

‘These derogations cover situations such as where the subject has given explicit consent or where the transfer is necessary for important reasons of public interest.

“So while Brexit does give rise to concerns,” the minister said, “it should not cause alarm. The GDPR explicit provides for mechanisms to facilitate the transfer of personal data in the event of the United Kingdom becoming a third country in terms of its data protection regime.”

The Data Protection Commission has produced guidance material on the status of personal data transfers to and from the UK in the event of a no-deal Brexit, which the minister recommended to anyone who may be considering their own operations in light of a no-deal scenario.

 

TechCentral Reporters

Read More:


Back to Top ↑

TechCentral.ie