The draft legislation, The data protection, privacy and electronic communications (amendments etc) (EU exit) regulations 2019, have been prepared to ensure that the UK data protection legal framework continues to function correctly after Brexit. The instrument amends the Privacy and Electronic Communications Regulations 2003 (PECR), UK GDPR and the DP Act 2018. The Brexit Withdrawal Agreement retains the GDPR as part of UK domestic law. This instrument establishes transitional provisions in the DP Act 2018 in relation to adequacy decisions, standard contractual clauses and binding corporate rules. The use of Standard Contractual Clauses that have previously been issued by the European Commission will continue to be an effective basis for international data transfers from the UK to third countries after exit day. For the purposes of the PECR, the GDPR definition of consent will apply. "The DP Act 2018 extended GDPR standards to general processing activities that were outside the scope of EU law via the ‘applied GDPR’. As the GDPR will no longer apply directly in the UK, this instrument introduces a single regime for general processing activities known as the UK GDPR. It is necessary to make changes throughout the DP Act 2018, and to other legislation, as a result of this," the government says. This instrument will remove references in the UK GDPR, for example, to EU Member States, Union law and the European Commission; replacing them, where appropriate, with references that will operate correctly in domestic law. The functions that are assigned to the European Commission in the GDPR will be transferred to the Secretary of State or the Information Commissioner.
If you require any assistance, clarification or guidance, please do not hesitate to contact us.
“The basis on which the UK will leave the EU has still to be decided. The Government has made clear that the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow. But organisations that rely on the transfers of personal data between the UK and the European Economic Area (EEA) may be affected. Personal information has been able to flow freely between organisations in the UK and European Union without any specific measures. That’s because we have had a common set of rules - the GDPR. But this two-way free flow of personal information will no longer be the case if the UK leaves the EU without a withdrawal agreement that specifically provides for the continued flow of personal data. In this event, the Government has already made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected”
The following links provide further advice:
If you require any assistance, clarification or guidance, please do not hesitate to contact us. We are providing gap analysis and remediation services with respect to managing Data Protection if there is a “no deal Brexit”.
This article addresses some of the most common questions we receive about the role of the Data Protection Officer (DPO):
The introduction of the EU General Data Protection Regulation and the associated UK Data Protection Act 2018 has led to concerns and confusion within businesses around what they can and can’t do with personal information.
One area of concern is if and how existing contacts can be used for marketing purposes, and if so what do they need to do to make sure this is legal and in line with the new regulations. Businesses are worried they may need to delete customer databases and the potential monetary impact this may have on their business.
So, what is the truth behind GDPR and marketing and could it in fact be a force for good? This article provides some guidance on what this may mean for your business and quashes some of the myths currently in circulation.