As discussions around Britain’s departure from the European Union are still ongoing, it is important that companies prepare for any potential scenario. In this piece, we analyse what could happen should the UK leave the EU on 29 March 2019 without having reached an agreement with the EU.
In this scenario, the EU and the UK will have failed to sign an agreement governing the future relationship between the two parties and, therefore, the UK will immediately leave the EU’s institutional structures without a transition period.
What does this scenario mean for data sharing?
In a nutshell, should the UK leave without a withdrawal agreement, it will become a third country under the GDPR.
The ICO has just published a long guidance on the practical implications, and it is crucial that companies prepare contingency plans to ensure business continuity.
To determine whether your company will be affected, it is necessary to ask whether the business falls under one of these categories: a UK based organisation receiving personal data from the EEA, or a UK based organisation sharing data with countries deemed adequate by the EEA.
Should you fall under the first category, you must implement appropriate safeguards in your contracts with your EEA counterparts if there is no better arrangement prior to the exit date. The most convenient approach is standard contractual clauses.
Similarly, if you are a UK-based organisation receiving personal data from countries currently covered by an EU adequacy decision, both your company and the organisation sending you the data must review how to comply with local law requirements on transfers of personal data.
To read the full article please visit the GDPR:REPORT website.