Interesting Articles

The Information Commissioner's Office has issued the following guidance in the event of a “no deal Brexit”

“The basis on which the UK will leave the EU has still to be decided. The Government has made clear that the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow. But organisations that rely on the transfers of personal data between the UK and the European Economic Area (EEA) may be affected. Personal information has been able to flow freely between organisations in the UK and European Union without any specific measures. That’s because we have had a common set of rules - the GDPR. But this two-way free flow of personal information will no longer be the case if the UK leaves the EU without a withdrawal agreement that specifically provides for the continued flow of personal data. In this event, the Government has already made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected”

Evolve North Guidance

  • Establish the location and flow of all personal data within your business – do not assume your client or staff data is not held or processed in the EEA
  • It is likely in the event of a “no deal Brexit” that personal data transfers from the EEA to the UK will be affected – ensure you pre-empt by establishing data sharing and processing agreements in advance
  • EEA organisations will likely want you to provide evidence of your compliance with the GDPR and possibly other standards including ISO27001
  • Have your supporting documentation in place and up to date

 The following links provide further advice:

If you require any assistance, clarification or guidance, please do not hesitate to contact us. We are providing gap analysis and remediation services with respect to managing Data Protection if there is a “no deal Brexit”.