Words that will make many people cringe. However every business needs to be prepared. GDPR is an EU regulation that enables data to flow freely between the EEA (European Economic Area). Business supply chains then function smoothly.
What if the Current Withdrawal Agreement is passed?
Data will continue to pass between the UK and the EEA (EU plus Iceland, Norway and Liechtenstein) as currently at least until 2020.
What if there is No Deal ?
All businesses should continue to comply with GDPR . This will be formally incorporated into UK law.
For transfers of data from the UK to the EEA these will continue as now.
However transfers from the EEA to the UK will be under EU laws which require that adequate safeguards are in place.. The UK will be a Third Party until the EU declares that the UK offers adequate protection. It is unlikely that this will be done before the UK leaves the EU.
So as with dealing with any Third Party country the EU business should put Standard Contractual Clauses (SCC) in place between themselves and the UK business to whom data is being sent.
This will not apply if :
- Data is sent within a company such as from an employee to another.
- If an individual is sending their own data.
- If it is a medical emergency or a risk of serious harm
- The individual consents to the transfer
Businesses should remember to update their Privacy Notice if a Restricted Transfer is now being made.
If you need any advice please contact us