Personal Data Transfers – No Deal Brexit

23rd January 2019

The Data Protection Commissioner has issued guidance regarding Personal Data Transfers to and from the UK

, including Northern Ireland, in the event of a ‘no deal’ Brexit. The main
points of her guidance are:

  • In the event of a ‘no deal’ Brexit, the UK will become a “third
    country” for the purposes of EU personal data transfers from the 30th
  • The EU Commission outlines the legal mechanisms that can be used to
    underpin transfers from an EU member state to a third country,

1 International data transfers using model contracts

2 Binding corporate rules (for transfers within multinationals)

3 Adequacy Rules (and currently EU has not included UK in this section)

In the event of a “No Deal” Brexit, (and that European Commission does not
make an adequacy decision regarding the UK at the point of exit) and where
your organisation has Personal Data Flows from the EU to the UK, you should now consider:

  • Mapping the personal data being transferred to the UK (including
    Northern Ireland) currently. Consider outsourced Payroll service
    providers, IT/data servers located in the UK, security monitoring ARCs
    based in the UK, Insurance and HR service providers
  • Assess the various transfer mechanisms to decide which ones best suit
    the situation
  • Be ready to implement a suitable transfer mechanism in the event of a
    “No Deal” Brexit.

If you would like any additional information or advice as to how to prepare
for this particular challenge, contact our Data Protection team on 042 9743040