ICO myth-busts on the flow of data post Brexit

The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario

EUropean map with data graphics

The Information Commissioner's Office (ICO) posted a myth-busting blog for small and medium businesses (SMBs) ahead of World Data Protection Day, with facts on how data will be transferred post-Brexit.

The Information Commissioner Elizabeth Denham explained how personal data will continue to flow between the UK and EU after Brexit.

At the moment personal data flow is unrestricted because the UK is still an EU member state and if the proposed EU withdrawal agreement is approved, businesses can be assured that personal data will continue to flow until 2020 while a longer-term solution is put in place.

However, a 'no-deal' exit is still a possibility with the government yet to agree on a plan. This means that EU law will require additional measures to be put in place by UK companies when personal data is transferred from the EEA to the UK, in order to make them lawful.

Advertisement
Advertisement - Article continues below

"Like everyone in the UK right now, we are following the twists and turns of the Brexit negotiations," Denham wrote. "The sharing of customers, citizens and employees personal data between EU member states and the UK is vital for business supply chains to function and public authorities to deliver effective public services."

With less than two months to go until the UK leaves the EU, Denham's blog sets out to bust the misconceptions about what a 'no-deal' Brexit would mean for UK companies transferring personal data to and from the EEA.

According to Denham, in the event of a 'no deal' situation, despite the UK government already making it clear its intention to enable data to flow from the UK to EEA countries without additional measures, transfers of personal data from the EEA to the UK will be affected.

"The key question around the flow of personal data, is whether your data is going from the UK to the EEA or exchanged both ways?" she wrote. "If you are unsure, start by mapping your data flows and establish where the personal data you are responsible for is going. All businesses operating in the EEA should consider whether they need to take action now."

Denham also explained that it is the responsibility of every business to know where the personal data it processes is going and that a proper legal basis for such transfers exists.

"Personal data transfers are not about whether your business is exporting or importing goods," she wrote. "You need to assess whether your business involves transfers of personal data, such as names, addresses, emails and financial details to and from the EEA and if this is going to be lawful in the case of 'no-deal'."

"Don't presume you are covered by the structure of your company," Denham also warned. "In the case of 'no-deal', UK companies transferring personal information to and from companies and organisations based in the EEA will be required by law to put additional measures in place. You will need to assess whether you need to take action."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019