Last updated: 15.08.19

No Deal Brexit: Moving data between UK and EU businesses

Will Brexit affect Data Transfering with Europe?

Recent political events, not least the appointment of Boris Johnson as Prime Minister of the United Kingdom, do suggest that the likelihood of the country leaving the EU without any kind of deal in October is perhaps more likely than ever. Regardless of which side of the fence you’re on, most experts believe that leaving the EU without a deal will have significant consequences for businesses across the country if they are not suitably prepared. Given how closely our rules and regulations are intertwined, it’s no surprise that No Deal could affect many different aspects of business - it’s not just about things like import tariffs.

One of the things that people will be thinking about is data, and data security. This is something that has increased in importance in the last few years, and both the EU and the UK have made great strides to help ensure that data belonging to individuals and businesses is secure, and processed lawfully. The question is, if we leave without a deal, how will that change things when it comes to moving data between the UK and EU? If your business will operate in both, then it’s an important consideration to make. Let’s take a quick look at what you might need to know.

Which laws are important?

The most significant piece of legislation to be aware of is one that you will almost certainly have heard before, and that’s GDPR. The General Data Protection Regulations were created by the EU a couple of years ago, and fully came into force in 2018. This wide-reaching law dramatically changed the way businesses and other organisations in the EU are allowed to process personal data, which means how it’s used, stored and transferred.

There’s also the Data Protection Act 2018, which is a UK law that must be read alongside and supplement GDPR.

How will No Deal affect things?

Fortunately, despite No Deal being somewhat of an unknown in a great many regards, in this situation we do have a fair amount of clarity, which will come as a relief to many businesses. When it comes to the transferral of data between the UK and EU, little if nothing will change. This is because, as part of the EU Withdrawal Act 2018, GDPR will become retained law, whether or not the country reaches an agreement with the EU. In theory, this keeps the status quo and removes much of the concern.

This means that all of the same requirements will be kept, the same expectations will be made, and the same permissions granted. Crucially, it also means that the EU will be an approved destination for transfers of personal data, provided processing is lawful as per the important elements of GDPR.

We cannot be sure if the UK government will make changes at a later date, but as far as can be reasonably foreseen, transfers of data between the UK and EU will continue in accordance with law as they do now.

How can you find out more?

In terms of finding out more about potential rule changes, the website is the best resource for updates, and brief guides to the EU Withdrawal Act 2018 may also be useful for gaining an overview of what will happen if and when the UK leaves the EU GDPR included. If, however you feel you need further information on how GDPR works, and what your responsibilities are when it comes to transferring personal data between countries, then we would recommend taking a GDPR training course. Click here to find out about ours.


Does Brexit affect GDPR?

The extent and nature of Brexit remains unclear, but UK data protection law will remain in place and the government will apply GDPR principles when leaving the EU, so very little is likely to change in terms of compliance. For companies dealing with data from EU citizens, GDPR will still apply.

What is the GDPR 2018?

The General Data Protection Regulation 2018 is the EU regulation introduced in 2018 to cover data protection and privacy for all of the countries and individuals within the European Union.

Does GDPR apply to Britain and UK citizens?

Currently, Britain remains in the EU, so GDPR certainly applies. UK data protection law post-Brexit is likely to be very aligned with that of the EU, so compliance regulations are unlikely to change much, if at all.

How did GDPR come about?

GDPR was introduced to bring data protection laws in the European Union up to date with the current digital landscape, with its predecessor, the Data Protection Directive, dating back to 1995. The directive also allowed more customisation by EU member states, whereas a regulation makes data protection compliance more unified.

Check out our full range of FAQs. Click Here to view.

Related resources