A recent paper by the UK government sensibly sets out proposals to ensure that the UK is deemed to have an adequate data protection framework, thus allowing the continued flow of personal data between the EU and the UK, post-Brexit.
Given the volume of personal data being maintained by organisations of all shapes and sizes, this seems a very prudent concept. Also, politics aside, there really should not be too much of an issue with this as the UK will have implemented the General Data Protection Regulation (GDPR) prior to Brexit, and thus should have perfect harmony with the EU in respect of data protection. Although any subsequent changes to the UK regime may cast that in a different light, and of course politics can never be dismissed from interfering.
This proposal reinforces the need for UK companies to get ready for GDPR, as there is no intention from any side for this to go away as Brexit enfolds. Therefore getting your house in order now must be a priority - this does not just involve a legal analysis but also fully appreciating how data is used and where it resides so that is can be appropriately managed. This is not a task that should be taken lightly given the portability and transient nature of data and how critical it is to most organisations. UK companies need to act now as Brexit is not going to save them from this regulation!
The exchange and protection of personal data, the UK government’s paper, published today, suggests that it is important to agree now a UK-EU model for international data transfers in order to avoid any disruption to business in the future. The government believes ‘it would be in the interest of both the UK and EU to agree early in the process to mutually recognise each other’s data protection frameworks as a basis for the continued free flows of data between the EU (and other EU adequate countries) and the UK from the point of exit, until such time as new and more permanent arrangements come into force.’