Brexit has, of course, finally happened. Although 11pm on January 31 was certainly a huge moment in the nation’s history, very little has changed in practical terms so far, as we are now in a transition period that will last until at least the end of the year.
While politicians from the EU and UK try to draft a mutually acceptable long-term trading relationship, the Information Commissioner’s Office (ICO) has advised firms that their obligations under EU data protection law remain unchanged. Indeed, it is unlikely that these obligations will change in the future, as the provisions of the EU’s General Data Protection Regulation (GDPR) have already been incorporated into UK law via the Data Protection Act 2018 (DPA). The Privacy and Electronic Communications Regulations are an example of some older EU laws that are now also included in UK law.
GDPR is also still likely to be directly applicable to UK firms that operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe. These firms must ensure they continue to comply with the laws of both the EU and the UK, and that they continue to do so in the future, where the UK may adopt laws that differ from those in force on the continent.
If firms receive data from any organisations in the EU, it may need to advise them on how to transfer personal data to the UK in line with the GDPR.
- The important issues the ICO wants to communicate to firms in all business sectors are:
- They must continue to comply with the DPA and the ICO’s guidance
- The ICO remains the UK’s data protection regulator and continues to work closely with European regulators
- Firms that offer goods and services in the EU no longer need a nominated European representative
- Things may change in due course and it is not clear exactly what the future relationship between the UK and EU will be, or how it will impact individual firms. The ICO promises to “continue to monitor the situation and update our external guidance accordingly”, and firms should also keep a close eye on any Brexit-related communications that might be issued during 2020
All firms should also review their privacy information and documentation to identify any minor changes that need to be made as a result of Brexit, e.g. there may still be references in these documents to EU law.
The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article