Irish Region
Read the EU Update in the Irish Agenda on the data protection ramifications off Brexit.
Read the EU Update in the Irish Agenda on the data protection ramifications off Brexit.
The European Commission's Directorate-General for Justice and Consumers has issued a warning on the data protection ramifications of Brexit.
The document, entitled ’Notice to stakeholders: withdrawal of the United Kingdom and EU rules in the field of data protection’, warns that the United Kingdom will become a 'third country' as of the withdrawal date of 30 March 2019. The UK will then be subject to the same EU rules for the transfer of personal data as other third countries. Under both the current Directive 95/46/EC and the upcoming GDPR which will replace it as of 25 May 2018, transfers to third countries are only allowed if the controller or processor has provided ’appropriate safeguards’. These may be provided by:
If there are no appropriate safeguards, in exceptional cases, a transfer may take place on the basis of certain derogations. There is also the possibility that the EU will make a decision on the adequacy of personal data protection in the UK, as it has done in respect of certain transfers to Canada, New Zealand and Switzerland, which would allow the free flow of personal data to the UK by EU data exporters.
The Commission Notice concludes by noting that the Commission has established a stakeholder group comprised of industry, civil society and academic contributors, who will discuss the tools for transfers to third countries under the GDPR.