The government has published guidance for UK organisations on transfers of personal data in the event of a so-called no-deal Brexit. In particular, the guidance sets out actions for UK organisations to take to enable the continued flow of personal data between the UK and the European Union (EU) in such an event.
While emphasising the fact that a no-deal Brexit is “unlikely”, the guidance notes that it is important to prepare for all eventualities.
The guidance forms part of the government’s series of notices on a no-deal Brexit, aimed at businesses and citizens.
The current position
The UK has a comprehensive data protection framework, consisting of the Data Protection Act 2018, which is a UK-specific law, and the General Data Protection Regulation (GDPR), which applies across the EU Member States.
The GDPR does not restrict transfers of personal data within the EU. Transfers can also be made outside of the EU if there is an appropriate legal basis for doing so.