GDPR entered into force on May 25, 2018. The Brexit saga is significantly older, but regardless of the preceding, the future is confusing for international and cross-border operating businesses. On the one hand, the UK was an EU member state during the development and enforcement of the GDPR and London has participated in drawing up the European data protection rules.
Consequently, the UK has harmonized its national legislation from the EU data protection perspective. However, the similarity of the EU and UK data protection regulation shall not resolve all problems. All countries outside the EU are handled as “third countries” for the Member States, meaning that when transmitting data to the UK upon no-deal Brexit, Articles 44 and 45 of the General Data Protection Regulation (GDPR) shall apply.
The European Data Protection Board, as well as the UK’s relevant authority, have developed guidelines for the organisations for situations, where data needs to be transmitted to either side upon no-deal Brexit. One solution would be to use the standard data protection clauses adopted by the Commission or alternatively, other similar agreements. NJORD gives you five steps to follow when transmitting or receiving data from the UK.
Attorney at law, Partner
Direct: (+372) 66 76 461
Mobile: (+372) 52 52 646