The GDPR Effect On Brexit

Uploaded on 2017-06-20 in BUSINESS-Services-Law, FREE TO VIEW, GOVERNMENT-National, NEWS-Cybersecurity News

It is not yet clear how the UK's vote to leave the European Union will impact data processing and sharing across Europe. Businesses will need to anticipate possible new barriers to data sharing whilst at the same time working to encourage pragmatic solutions.
 
However, Brexit should not distract businesses from preparing for implementation of the EU General Data Protection Regulation in 2018. Reforms are coming with or without Brexit.

In practice, however, it is unlikely that Brexit will be significantly disruptive from a data protection perspective.

The UK's future data protection regime will to some extent depend on the nature of the UK's wider future relationship with the EU.

If the UK joined the EEA it would be obliged by agreement with the EU to pass a new law effectively implementing the GDPR in the UK. In that case, therefore, the impact of Brexit on UK data protection regulation would be minimal.

Any other post-Brexit arrangement would be likely to involve some agreement between the UK and the EU. This may or may not involve commitments from the UK regarding its data protection regime, clearly, however, those commitments would not require a higher standard of data protection than the GDPR.

Subject to any data protection commitments that the UK might make to the EU, the UK would, in theory, be free to regulate data protection post-Brexit as it saw fit.

This freedom would, however, be more theoretical than real. The GDPR, like the DP Directive, will impose tight restrictions on transfers of personal data from the EU and EEA to other countries which do not ensure an "adequate" level of protection for personal data.

The European Commission, with the EU Court of Justice looking over its shoulder, will need to decide whether the UK's new regime ensures an adequate level of protection.

A decision that the UK did not provide an adequate level of protection would be disruptive, putting the UK in the same category as non-EEA countries, such as the US, China and India, and requiring burdensome administrative steps to be taken to allow data sharing between the EU and the UK to continue.

In practice, therefore, the UK is likely to adopt a GDPR-like level of data protection, so as to ensure that EU and UK businesses can continue to share personal data.

Clifford Chance:

You Might Also Read:

EU’s New Data Rules Are 1 Year Away:

EU / US Privacy Shield Affects Your Organisation:

 

 

 

« Trump Handed Russia Classified Intelligence
Video Game Imagines Humans Relying On Robots »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

IEEE Cyber Science and Technology Congress (CyberSciTech)

IEEE Cyber Science and Technology Congress (CyberSciTech)

CyberSciTech provides a platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Eastern Cyber Resilience Centre (ECRC)

Eastern Cyber Resilience Centre (ECRC)

The Eastern Cyber Resilience Centre is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Gradient Cyber

Gradient Cyber

Gradient Cyber is a trusted cybersecurity partner specializing in small businesses and mid-market enterprises concerned about cybersecurity but lacking the staff to give it the attention it deserves.

Traceable

Traceable

Traceable was founded to protect applications from next-generation attacks.

Digimune

Digimune

Digimune is an all-encompassing cloud-based cyber risk protection platform that guards you against the dangers of our digital world.

Third Wave Innovations

Third Wave Innovations

Third Wave Innovations (formerly RCS Secure) offers a full spectrum of cybersecurity safeguards and IT services.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.