United Kingdom and GDPR: Is Brexit affecting your personal data processing?
Brexit has changed and will change current European policy and economic framework. The EU has lost one of the most important country of European continent while the UK has decided to leave the European Internal Market. Moreover, the uncertainty provoked by Brexit also affect the law of European Union and the application of European legislative acts within UK territory.
One of the most important regulations entered into force is the General Data Protection Regulation (“GDPR”), which aims to protect European users’ personal data while empowering and encouraging the transfer of personal data within and outside European territory in compliance with data protection principles.
According to a privacy perspective, there might be the risk that tech giants such as Google decide to move data of British users from the EU to the US, placing them outside the strong protection framework offered by European Regulators. Another reason of concern is that the US offers the weakest privacy protections compared to any major economy, with no broad law despite years of advocacy by consumer protection groups.
Brexit and EU data protection regulations are likely to make the data-sharing agreements that cover transfer of user information from one part of a global business to another extremely complicated. In the event UK decides not to adopt rules that form equivalent data protections to that granted by GDPR, then extensive data-sharing agreements may be necessary.
Under these circumstances, it is still unpredictable how UK will tackle current European regulations: especially the GDPR. Legal certainty would require the implementation of rules and guidelines in line with GDPR. Contrarily, in absence of commitment with European Privacy Standards, British users may see their personal data enter into a jurisdiction where mass surveillance programmes are strong and operative.
The General Data Protection Regulations brought new rules and principles. One of the new provisions is the implementation of the Data Protection Officer (“DPO”). Check here our article about the new important role: https://www.vgscorporatelawyers.com/data-protection-officer-tasks-and-operation-natural-or-legal-person/