On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit.
The Note highlights that
if the EU and the UK sign the withdrawal agreement before 1 November 2019, the
data flows to the UK will not be immediately affected. EU data protection
laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the
ePrivacy Directive) will apply until 31 December 2020, with a maximum extension
until 31 December 2022.
However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.
Read the Note.