The Information Commissioner’s Office (ICO) and the UK Department for Culture, Media and Sport (DCMS) have each issued no-deal Brexit data protection guidance.
EU/UK personal data transfers
The UK government has committed to incorporating the General Data Protection Regulation (GDPR) into domestic UK law when the UK leaves the EU. This means there will not be any substantive changes to the data protection rules that companies in the UK must follow.
However, companies that transfer personal data between the UK and the European Economic Area (EEA), and vice versa, will be affected.
Elizabeth Denham, the UK Information Commissioner, recently published a blog post about the transfer of personal data from the EEA to the UK. The current free flow of personal data from the EEA to the UK will no longer be possible. A withdrawal agreement must therefore specifically provide for the status quo to continue.