ICO to Help Businesses Prepare for Data Disruption in Case of No-Deal Brexit
The Information Commissioner’s Office and the government will be providing guidance for UK businesses and SMEs, in particular, on how to prepare for a potential no-deal Brexit. Businesses that rely on transfers of personal data between the UK and the EEA, may need to take special precautions to maintain the flow of data if the UK leaves the Union without a withdrawal agreement, according to the ICO.
The EU’s General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, preventing any “substantive change” to the rules that most organisations need to follow. This excludes organisations that rely on transfers of personal data between the UK and the EEA, which may be impacted, according to Information Commissioner Elizabeth Denham.
If the UK leaves without a deal in place that specifically provides for the continued flow of personal data, Denham said in a blog post that the government has already made clear its intention to permit data to flow from the UK to EEA countries.
However, transfers of personal information from the EEA to the UK will be affected, she said, and to help organisations understand the implications and to plan ahead, the ICO has published three guidance documents.
The first is a guide on six steps to take, the second is broader guidance on the effects of leaving the EU without a withdrawal agreement, and the third is a general overview in the form of frequently asked questions.