fbpx

Download free GDPR compliance checklist!

Tag Archives for " Brexit "

UK businesses face aggregate costs of up to 1.6 billion if no adequacy decision post-Brexit transition period, report finds

The cost to UK businesses of not receiving an adequacy decision from the European Commission could total between £1 billion and £1.6 billion, according to a new report by think tank New Economics Foundation and UCL European Institute.

The report, compiled from interviews with 60 EU and UK legal professionals, data protection officers, business representatives and academics, estimates average costs for impacted businesses could reach £3,000 for a micro business, £10,000 for a small business, £19,555 for a medium business and £162,790 for a large business.

Source: UK businesses face aggregate costs of up to 1.6 billion if no adequacy decision post-Brexit transition period, report finds

UK government under pressure to prove data adequacy to EU

The UK government is coming under increasing pressure to convince Brussels regulators that the country’s data protection landscape is fit for EU personal data, amid wider concerns that UK surveillance practices compromise the security of EU standards.

On 13 October the UK’s upper chamber, the House of Lords, published a report on the future relationship between the UK and the EU in the business world, highlighting their worry that “there is a possibility that the Commission may not grant the UK a data adequacy decision,” for data transfers from the bloc after the Brexit transition period concludes at the end of the year.

“We call on the Government to push for the assessment to be concluded as soon as possible, to give businesses in the UK and EU legal certainty and time to prepare,” the Lords’ report added.

Source: UK government under pressure to prove data adequacy to EU – EURACTIV.com

CJEU ruling puts in danger EU-UK adequacy talks

This week, the CJEU issued a ruling that could spring a leak and potentially sink adequacy negotiations between the U.K. and EU.

CJEU ruled to restrict surveillance activities on phone and internet data by EU member states but specifically to regimes in Belgium, France and the U.K. The decision means governments have limited grounds for mass data retention unless they face a “serious threat to national security.” Additionally, access to phone and internet data, as well as the duration of that access, should be determined based on necessity.

The U.K. is chief among those affected by the court’s ruling as the clock winds down on its Brexit transition period, which is set to expire with or without an adequacy decision from the EU December 31. Doubts about an adequacy agreement already loomed, but the latest CJEU ruling further clouds a potential deal.

Source: CJEU throws wrinkle into EU-UK adequacy talks

EU takes legal action against UK over planned Brexit bill

If bill becomes law, UK has power to disregard part of withdrawal treaty dealing with Northern Ireland trade.

The European Union has taken legal action against the United Kingdom over its plans to pass legislation that would breach parts of the legally binding divorce agreement the two sides reached late last year.

European Commission President Ursula von der Leyen said that the UK plan “by its very nature is a breach of the obligation of good faith laid down in the withdrawal agreement”.

Source: EU takes legal action against UK over planned Brexit bill | United Kingdom | Al Jazeera

UK intelligence data ‘would be deleted’ in event of no-deal Brexit

British intelligence about terrorists and other serious criminals would have to be deleted from EU systems if the Brexit trade negotiations were to collapse, a former EU security commissioner has warned.

The UK would instantly become disconnected from a range of databases and systems such as the European Criminal Records Information System (ECRIS), which shares data about prior convictions across all EU countries.

Source: UK intelligence data ‘would be deleted’ in event of no-deal Brexit | UK news | The Guardian

EU Commission fears UK data protection regime ‘may change in the future’

The European Commission has concerns that certain aspects of the UK’s data protection regime may change in the future and negatively impact the safety of EU personal data when transferred to the country.

The EU executive is conducting an assessment of the UK’s data protection landscape as part of a so-called ‘adequacy-decision,’ in order to determine if EU data can safely be transferred to the UK after Brexit.

“While the UK applies EU data protection rules during the transition period, certain aspects of its system may change in the future, such as rules on international transfers,” a Commission source told EURACTIV on Tuesday (22 September).

Source: Commission fears UK data protection regime ‘may change in the future’ – EURACTIV.com

EDPB Adopts Information Note on BCRs in Preparation for Brexit

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.

The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supervisory authority for their BCRs.

Source: EDPB Adopts Information Note on BCRs in Preparation for Brexit

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

On July 22, 2020, the European Data Protection Board (EDPB) released an information note on Binding Corporate Rules (BCRs), which provides guidance for groups of undertakings/enterprises which have the UK Information Commissioner’s Office (ICO) as their competent supervisory authority.

As a consequence of Brexit, BCR holders having the ICO as their BCR Lead Supervisory Authority (SA) need to identify a new BCR Lead SA in the EEA  and must amend their BCRs before the end of the Brexit transition period.

Source: EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

EC issues data advice as Brexit approaches

The European Commission (EC) is urging businesses and public bodies to take all necessary steps to ensure compliance of any personal data transfers between the UK European Union after the Brexit transition ends on 31 December.

“Compliance can be achieved by having appropriate safeguards in place as foreseen by the General Data Protection Regulation [GDPR], including binding corporate rules or through specific derogations,” the EC said in a document to help companies and others to prepare for the changes after the transition period.

Source: EC issues data advice as Brexit approaches

Tiktok to transfer data control to UK arm ahead of Brexit

Tiktok has said it will be moving ownership of its users’ data in Europe to local subsidiaries, in a boost to its British arm as it prepares for Brexit.

The social media app’s US parent Tiktok Inc will no longer manage and safeguard data for users based in the UK and the European Union. Instead, from 29 July, Tiktok Ireland will control the data of all users in the European Economic Area and Switzerland, while Tiktok UK will do the same for Britons.

Source: Tiktok to transfer data control to UK arm ahead of Brexit – CityAM : CityAM

1 2 3 10
>