Personal Data Transfers – No Deal Brexit

The Data Protection Commissioner has issued guidance regarding Personal Data Transfers to and from the UK

https://dataprotection.ie/en/news-media/latest-news/dpc-issues-important-message-personal-data-transfers-and-uk-event-no-deal

, including Northern Ireland, in the event of a ‘no deal’ Brexit. The main
points of her guidance are:

• In the event of a ‘no deal’ Brexit, the UK will become a “third
  country” for the purposes of EU personal data transfers from the 30th
  March
• The EU Commission outlines the legal mechanisms that can be used to
  underpin transfers from an EU member state to a third country,
  including;

1 International data transfers using model contracts

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en

2 Binding corporate rules (for transfers within multinationals)

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en

3 Adequacy Rules (and currently EU has not included UK in this section)

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

• Data flows from the UK to the EU after March 2019,
  according to the UK Government, the current practice, which permits
  personal data to flow freely from the UK to the EU member states, will
  continue in the event of a ‘no deal’ Brexit.
  
  https://www.gov.uk/government/publications/data-protection-if-theres-no-brexit-deal/data-protection-if-theres-no-brexit-deal
  

In the event of a “No Deal” Brexit, (and that European Commission does not
make an adequacy decision regarding the UK at the point of exit) and where
your organisation has Personal Data Flows from the EU to the UK, you should now consider:

• Mapping the personal data being transferred to the UK (including
  Northern Ireland) currently. Consider outsourced Payroll service
  providers, IT/data servers located in the UK, security monitoring ARCs
  based in the UK, Insurance and HR service providers
• Assess the various transfer mechanisms to decide which ones best suit
  the situation
• Be ready to implement a suitable transfer mechanism in the event of a
  “No Deal” Brexit.

If you would like any additional information or advice as to how to prepare
for this particular challenge, contact our Data Protection team on 042 9743040