The new data protection legislation – better known as GDPR – implemented in 2018 was an EU-led initiative to ensure consistency, ease of legal transfer and security for individuals. EU red tape to many, but there are significant positives. Now Boris has his majority, the likelihood is that the UK will leave the EU on January 31st – so what happens then?
Firstly, this is high on the agenda, with Michel Barnier’s October announcement of the Brexit deal specifically mentioning the transfer of Personal Data. Secondly, the UK Government aren’t going to scrap or downgrade GDPR. Why would they start unpicking technical laws that will affect so many British businesses adversely if
laws are changed?
In terms of what happens next, then a technical point is worth highlighting. The legislation doesn’t cover just the EU, but the European Economic Area (EEA) which is the EU, plus Iceland – which hosts lots of your Cloud-based data – Norway and
However, if for any reason we aren’t included on that list, or we end up leaving with ‘No Deal’ after all for some reason, then a significant amount of extra work may well be needed for UK businesses, with ‘Adequacy Decisions’, ‘Appropriate Safeguards’ and ‘Exceptions’ all coming into play.
But we’ll leave that for another day if it’s needed…