Free tools and resources for Data Protection Officers!

Tag Archives for " Brexit "

GDPR Brexit flowchart

This week has brought further uncertainty on the route to Brexit. The planned vote in the UK Parliament on the Withdrawal Agreement – intended to establish an orderly transition period for the UK to withdraw from the EU between 30 March 2019 and 31 December 2020 – has been postponed leaving considerable uncertainty as to next steps, including the prospect of a ‘hard’ departure on 30 March 2019 with ‘no deal’ in place.

DLA Piper have produced a GDPR Brexit flowchart which maps out the key data protection impacts for each of the political routes that may now follow, showing the likely timelines and implications of both the ‘deal’ and ‘no-deal’ scenarios, which we hope will be a useful tool in contingency planning through these uncertain and difficult times.

Full article: UK: GDPR Brexit flowchart

ICO advises companies on how to prepare for a possible no-deal Brexit

The ICO recommends steps that companies could take now to start preparing for data protection compliance if the UK leaves the EU on 29 March 2019 without a deal.

If the UK is currently your organisation’s lead supervisory authority, you should review the structure of your European operations to assess whether you will continue to be able to have a lead authority and benefit from the One-Stop-Shop, the ICO says.

Source: ICO advises companies on how to prepare for a possible no-deal Brexit – Privacy Laws & Business

Will the UK achieve adequacy after Brexit?

The status of U.K.-EU data flows post-Brexit has been the subject of speculation since the fateful vote was taken nearly two-and-a-half years ago. But with the prospect of the U.K. crashing out of the EU without an orderly withdrawal agreement growing ever-more realistic, concern is mounting.

Full article: Will the UK achieve adequacy after Brexit? Even the ICO isn’t so sure

Brexit and data protection – what’s new now?

EU leaders have signed off the withdrawal agreement between the UK and the EU, as well as the political declaration on the framework for the future relationship between the UK and the EU. The political declaration is an outline of what a future EU-UK trade agreement might look like. But the trade agreement has yet to be negotiated and that process won’t start until the UK has left the EU on 29th March 2019. If negotiations are quick (and successful) then the intention is that the future trade agreement between the EU and the UK would come into force at the end of the transition period (31st December 2020, but the transition period could be extended).

Full article: Brexit and data protection – what’s new now?

Timescale set for data protection ‘adequacy’ decision after Brexit

On Wednesday evening, the UK government and European Commission announced that the UK and EU27 countries had reached a draft agreement on the terms of the UK’s withdrawal from the EU. That draft agreement, which is still to be ratified by the UK parliament and EU27 member states, was published alongside a number of other documents, including an outline of the political declaration on the future EU-UK relationship.

According to the political declaration, the Commission will assess UK data protection standards on the basis of the EU’s “adequacy framework” with a view to adopting an “adequacy” decision by the end of 2020. Over the same period, the UK will take steps to ensure comparable facilitation of personal data flows to the Union.

Full article: BREXIT: timescale set for data protection ‘adequacy’ decision

Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from EU

The draft Withdrawal Agreement at Article 71(2) implies an adequacy assessment by the European Commission could happen in future (this is expected before the end of the transition period in December 2019), but first the UK has to leave the EU and then the Commission has to follow the rules in Article 45 of the GDPR.

This means that the Commission has to involve the European Data Protection Board (EDPB) as part of the adequacy determination process so it won’t be a quick process. However, UK may not get an assessment of adequacy at all.

Full article: Draft Withdrawal Agreement does not guarantee frictionless free flow of personal data from European Union

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

The draft text of the EU-UK withdrawal agreement was published by the UK Government and the European Union yesterday, providing some of the first concrete indicators of the possible direction of travel in the area of data protection.

This article provides 10 initial conclusions on Draft EU-UK Withdrawal Agreement.

Full article: Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

UK government adopts draft Brexit withdrawal agreement

The cabinet has agreed a draft withdrawal agreement on the UK’s exit from, and future relationship with the European Union. In terms of data protection, the documents reaffirms the UK government’s commitment to a high level of data protection during and after Brexit.

The future relationship with the EU is described in just seven pages. The EU will commence its evaluation of the UK’s data protection framework with the aim of decisions by the end of 2020. There will be ‘appropriate cooperation between regulators.’ The draft withdrawal agreement talks about ‘essential equivalence’ rather than adequacy.

Full artisle: UK government adopts draft Brexit withdrawal agreement – Privacy Laws & Business

ICO hits Leave.EU and Arron Banks insurance company with £135,000 in fines

An investigation conducted by the Information Commissioner’s Office (ICO) into a data breach suffered by Leave.EU has left the pro-Brexit campaign group with a huge financial penalty. Fines totalling £135,000 have been imposed upon Leave.EU as well as an insurance company owned by the organisation’s founder Arron Banks, due to the illegal use of personal data through political campaigning, the BBC news website reports.

Source: ICO hits Leave.EU and Arron Banks insurance company with £135,000 in fines

What does the newly signed ‘Convention 108+’ mean for UK adequacy?

The Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) has been given an overhaul to bring it into line with the General Data Protection Regulation. While Convention 108 is not an EU document, the European Commission sees the protocol as a way of encouraging “third countries” to adopt the basic tenets of the GDPR. This could be particularly interesting for the U.K., which will become a third country after Brexit.

Full article: What does the newly signed ‘Convention 108+’ mean for UK adequacy?

>