Businesses concerned with data adhering to GDPR regulations post-Brexit

Phil Parkinson, Head of Commercial law at Blacks Solicitors

Since the UK officially completed its separation from the EU on the 31st of December 2020, many business owners have been concerned about how this will impact data flow between the UK and EU.

Speaking on the issue, Phil Parkinson, Head of Commercial law at Blacks Solicitors, an award-winning law firm based in Leeds, had this to say: “After Brexit, there has been serious concern that data flow between the UK and the EU would be seriously hampered, meaning a stifled and difficult process for businesses.

“The UK had already decided pre-Brexit that the UK to EU data adhered to GDPR regulations as this had been implemented; however, we were waiting for the EU to decide whether data transfer from the UK to EU was deemed adequate and could flow as before.

“At the time of writing, the EU has decided that the UK is an adequate country and therefore data may flow freely between the two. This is the latest stage in an ongoing process and the approval should allow the European Commission to formally adopt the decision.

“However, there have been challenges to this being adopted; for example, MEPs urged a rethink on the decision, citing concerns about how the UK would use data in the future.

“Post-Brexit, the EU laws relating to GDPR will now not apply in the UK. However, with so much work having gone into GDPR compliance in 2018, there is now ‘UK GDPR’ which has been incorporated into UK law alongside the Data Protection Act 2018.

“The UK government has stated that data transfers to the EEA (European Economic Area) are not restricted, so data can still be sent from the UK to the EEA”, continued Phil.

“If your organisation operates in the EEA, you need to comply with both UK and EU data protection regulations.

“You may also need to appoint a representative in Europe and take note of, and follow, the EU’s adequacy decision process.

“As long as businesses continue to be in compliance with EU GDPR regulations, then the transition should be seamless. In fact, it’s in the interests of the government, business and the economy to keep it as smooth as possible.

“However, if your business is reliant on EU data flows, it’s worth keeping an eye out for any changes in the law.

“In May 2021, the Information Commissioner’s Office (ICO) announced that it’s working on bespoke UK standard contractual clauses for international data transfers, replacing the EU Standard Contractual Clauses.”

When speaking on the issue, ICO Deputy Commissioner, Steve Wood, said: “I think we recognise that standard contractual clauses are one of the most heavily used transfer tools in UK GDPR. We’ve always sought to help organisations use them effectively with our guidance.

“The ICO is working on bespoke UK standard clauses for international transfers, and we intend to go out for consultation on those in the summer.

“We’re also considering the value to the UK for us to recognise transfer tools from other countries, so standard data transfer agreements, so that would include the EU’s standard contractual clauses as well.”