As the British Parliament’s vote on Brexit last Tuesday has been postponed, it remains unclear whether there will be a hard or a soft Brexit. There have been ongoing negotiations on the related agreements – the question is how will Brexit possibly affect the data protection law.
The present draft for a transitional agreement stipulates that European data protection law will continue to apply in the main during the transitional phase until the end of 2020. Important to mention here is the distinction made in the agreement between the two types of data: data processed up to the end of the transitional period on the one hand and data processed thereafter on the other. Thus, EU data protection law will continue to apply until the end of the transitional period. After that, Article 71 of the Agreement opens up the possibility for the UK to adopt national data protection legislation. For the new national law, an adequacy decision will be negotiated with the European Commission. Should this be dropped, the UK will commit itself to guarantee essentially the same data protection laws. It is important that the UK data will be treated like data from a Union Member State in this case, according to Article 73 of the Transitional Agreement.
A hard Brexit without a Transitional Agreement, might have serious consequences for data processors. According to the European Commission (publication of 13.11.2018)it can be assumed that in case of a hard Brexit significant impacts for data protection may occur. Companies and member states should assess potential risks and, if necessary, take measures to mitigate them.
Should a no-deal scenario occur, the UK will be considered a third country in terms of data protection from 30 March 2019 on. Should this happen, we will report in more detail on this matter later.
The British government will make its decision on Brexit presumably at the beginning of the next year.