ICO myth-busts on the flow of data post Brexit

The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario

EUropean map with data graphics

The Information Commissioner's Office (ICO) posted a myth-busting blog for small and medium businesses (SMBs) ahead of World Data Protection Day, with facts on how data will be transferred post-Brexit.

The Information Commissioner Elizabeth Denham explained how personal data will continue to flow between the UK and EU after Brexit.

At the moment personal data flow is unrestricted because the UK is still an EU member state and if the proposed EU withdrawal agreement is approved, businesses can be assured that personal data will continue to flow until 2020 while a longer-term solution is put in place.

However, a 'no-deal' exit is still a possibility with the government yet to agree on a plan. This means that EU law will require additional measures to be put in place by UK companies when personal data is transferred from the EEA to the UK, in order to make them lawful.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Like everyone in the UK right now, we are following the twists and turns of the Brexit negotiations," Denham wrote. "The sharing of customers, citizens and employees personal data between EU member states and the UK is vital for business supply chains to function and public authorities to deliver effective public services."

With less than two months to go until the UK leaves the EU, Denham's blog sets out to bust the misconceptions about what a 'no-deal' Brexit would mean for UK companies transferring personal data to and from the EEA.

According to Denham, in the event of a 'no deal' situation, despite the UK government already making it clear its intention to enable data to flow from the UK to EEA countries without additional measures, transfers of personal data from the EEA to the UK will be affected.

"The key question around the flow of personal data, is whether your data is going from the UK to the EEA or exchanged both ways?" she wrote. "If you are unsure, start by mapping your data flows and establish where the personal data you are responsible for is going. All businesses operating in the EEA should consider whether they need to take action now."

Denham also explained that it is the responsibility of every business to know where the personal data it processes is going and that a proper legal basis for such transfers exists.

"Personal data transfers are not about whether your business is exporting or importing goods," she wrote. "You need to assess whether your business involves transfers of personal data, such as names, addresses, emails and financial details to and from the EEA and if this is going to be lawful in the case of 'no-deal'."

Advertisement - Article continues below

"Don't presume you are covered by the structure of your company," Denham also warned. "In the case of 'no-deal', UK companies transferring personal information to and from companies and organisations based in the EEA will be required by law to put additional measures in place. You will need to assess whether you need to take action."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/security/data-breaches/354611/misconfigured-security-command-exposes-250-million-microsoft-customer
data breaches

Misconfigured security command exposes 250 million Microsoft customer records

23 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020