Brexit and the road to GDPR compliance

Since the GDPR came into effect, many organisations have fallen victim to data protection penalties amid a wider scramble to meet new compliance standards.

It’s the big data handlers – tech giants such as Facebook and Google – that are staring down the barrel of the heaviest regulator action, but smaller companies are under similar scrutiny as the GDPR and other regulation beds in.

But Brexit promises to cast a further shadow of uncertainty over an already difficult situation. Exiting the EU on March 29th without a deal in place would mean the UK would remain subject to the GDPR, but as a third country.

As such, transfer of personal data to the UK as a non-EU country may be prohibited unless “adequate” levels of data protection can be guaranteed.

Progress towards an adequacy agreement may be expedited by the UK’s current adherence to the GDPR, and by our Data Protection Act 2018, but the path ahead remains unclear.

Ultimately, organisations in the UK will have to continue their journeys towards GDPR compliance, but adequate measures for customer data protection will have to be demonstrated if business continuity is to be maintained.

The Information Commissioner’s Office has said that an assessment of adequacy “can only take place once the UK has left the EU.”

“These assessments and negotiations have usually taken many months.”

Meanwhile, the Department for Exiting the European Union has urged organisations that share personal data with EEA-based counterparts to “take steps to ensure you continue to comply with data protection laws if the UK leaves the EU without a deal.

Brexit Briefing by Data Protection World Forum

Executives can get a clearer understanding of all the predicted outcomes and discussed relationship models between the UK and the EU’s GDPR at Brexit Briefing, coming to central London on March 9th 2019.

As the cut-off for a no-deal Brexit looms, Brexit Briefing will bring timely debate and advice as the UK begins a new chapter in its relationship with Europe.

Our comprehensive agenda will explore the key issues that await on the data protection horizon, and give the guidance that executives need to optimise their compliance journeys.

Ten days before the UK’s scheduled departure from the EU, Brexit Briefing is a one-day conference studying a diversity of GDPR compliance issues through the lens of Brexit.

Click here to register your place

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.