ICO myth-busts on the flow of data post Brexit

The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario

EUropean map with data graphics

The Information Commissioner's Office (ICO) posted a myth-busting blog for small and medium businesses (SMBs) ahead of World Data Protection Day, with facts on how data will be transferred post-Brexit.

The Information Commissioner Elizabeth Denham explained how personal data will continue to flow between the UK and EU after Brexit.

At the moment personal data flow is unrestricted because the UK is still an EU member state and if the proposed EU withdrawal agreement is approved, businesses can be assured that personal data will continue to flow until 2020 while a longer-term solution is put in place.

Advertisement - Article continues below

However, a 'no-deal' exit is still a possibility with the government yet to agree on a plan. This means that EU law will require additional measures to be put in place by UK companies when personal data is transferred from the EEA to the UK, in order to make them lawful.

"Like everyone in the UK right now, we are following the twists and turns of the Brexit negotiations," Denham wrote. "The sharing of customers, citizens and employees personal data between EU member states and the UK is vital for business supply chains to function and public authorities to deliver effective public services."

Advertisement
Advertisement - Article continues below

With less than two months to go until the UK leaves the EU, Denham's blog sets out to bust the misconceptions about what a 'no-deal' Brexit would mean for UK companies transferring personal data to and from the EEA.

According to Denham, in the event of a 'no deal' situation, despite the UK government already making it clear its intention to enable data to flow from the UK to EEA countries without additional measures, transfers of personal data from the EEA to the UK will be affected.

Advertisement - Article continues below

"The key question around the flow of personal data, is whether your data is going from the UK to the EEA or exchanged both ways?" she wrote. "If you are unsure, start by mapping your data flows and establish where the personal data you are responsible for is going. All businesses operating in the EEA should consider whether they need to take action now."

Denham also explained that it is the responsibility of every business to know where the personal data it processes is going and that a proper legal basis for such transfers exists.

"Personal data transfers are not about whether your business is exporting or importing goods," she wrote. "You need to assess whether your business involves transfers of personal data, such as names, addresses, emails and financial details to and from the EEA and if this is going to be lawful in the case of 'no-deal'."

"Don't presume you are covered by the structure of your company," Denham also warned. "In the case of 'no-deal', UK companies transferring personal information to and from companies and organisations based in the EEA will be required by law to put additional measures in place. You will need to assess whether you need to take action."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020