Governance, Procurement & Information News
28 October, 2020
As the Brexit transition period comes to an end on 31st December 2020, organisations now need to begin to prepare for changes to the way in which they work from 1st January 2021. Whilst there continues to be uncertainty as to whether any deal will be reached with the EU, organisations should be aware of what steps they will need to take in the event there is a 'no deal' Brexit.
If there is a no deal Brexit, data transfers to and from the EU will pose a challenge for organisations from the 1st January 2020 and organisations should familiarise themselves with what action needs to be taken if this is the case.
Earlier this month, the Department for Culture, Media and Sport updated its guidance for organisations on transfers of personal data between the UK and the EU after the end of the transition period, and stated it was confident that the European Commission would make an 'adequacy decision' for the UK before 1 January 2021. This would mean that personal data would be able to be sent from an EEA state to the UK without any further safeguard being necessary. If an adequacy decision is secured by the end of the transition period, the free flow of personal data from the EU to the UK will continue uninterrupted.
Despite the expression of confidence from the government, there has been no confirmation from the European Commission that an adequacy decision will be secured prior to the 1st January 2021. Therefore, until an adequacy decision is secured, organisations will need to put other safeguards in place to permit transfers of personal data from the EU to the UK under the GDPR. The most appropriate safeguard in many cases will be the adoption of 'Standard Contractual Clauses'. These are standard clauses, approved by the European Commission, that organisations can use when transferring personal data to other countries to ensure they comply with the rules on international transfers in the GDPR.
Given that there are now 2 months to go until the end of the transition period, organisations should take the following steps to prepare for there being no adequacy decision secured by the 1st January 2021:
The Information Commissioner's Office has published extensive guidance for both SMEs and large organisations which can be found at - https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/
For more information contact Bethany Paliga in our Governance, Procurement & Information department via email or phone on 01254 222347. Alternatively send any question through to Forbes Solicitors via our online Contact Form.