Single Blog

Brexit Withdrawal Agreement Data Protection

How is the transfer of personal data from the UK to other third countries affected during and after the transition? If the United Kingdom does not make adequacy decisions before the end of the transitional period, the data protection provisions of the data protection agreement (data protection provisions of the third part, Title VII, Article 71, paragraph 1), signed by the United Kingdom and the European Union in December 2019, will enter into force. If your business is based in the UK outside the UK, without branches, branches or other establishments, and you offer goods or services to individuals in the UK or monitor the behaviour of individuals in the UK, you should consider appointing a representative to the UK. They must be in office after the end of the transition period for withdrawal from the EU. For more information, see Data Protection at the end of the transition period – UK representatives. After years of turmoil, the UK finally seems to have an agreement defining how it will leave the European Union (EU). Prime Minister Boris Johnson`s withdrawal deal shares many similarities to the withdrawal agreement put forward by his predecessor Theresa May, particularly with regard to data protection requirements. Data protection legislation covered by Part 3 of the 2018 CCA continues to apply to the relevant prosecuting authorities. These rules are derived from an EU directive, but they are now defined by UK law and will continue to apply after the end of the transition period (with some minor technical changes that reflect our status outside the EU). Under the agreement, a transitional period is in effect until 31 December 2020, during which current EU rules will continue to be applied by the UK and can begin negotiations on the way forward (the option to extend the transition period has been removed from the most recent version). 11 of the 12 third countries deemed appropriate by the EU have informed us at present that they will keep data with the UK from 2021. For more information, visit the OIC website. The RGPD is an EU regulation that will no longer apply to the UK from the end of the transition period. However, if you operate within the UK, you must comply with UK data protection legislation.

The Government has stated that it intends to incorporate the RGPD into UK data protection legislation from the end of the transition period – therefore, in practice, the fundamental principles, rights and obligations of data protection in the RGPD will not change much.