The United Kingdom left the European Union on January 1, 2021. After an extreme deal was signed on December 23, a less radical Brexit will come into force. However, not all details are sorted out, as is the case with the General Data Protection Regulation (GDPR). The National Commission on Informatics and Freedoms (CNIL) reports that the GDPR “will apply temporarily in the UK for an additional period of up to 6 months”.
Exception to the rule: the one-stop shop. As of January 1, 2021, this process introduced by the GDPR to harmonize the decisions of data protection authorities on cross-border processing will no longer be applicable in the UK. For controllers and processors based solely in the UK, this means that they are required to appoint a representative of the Union. Second exception to the rule: if the controllers and the processors have an establishment in the European Economic Area, a delimitation that covers more countries than the European Union, the only window remains.
In the same category
Video Conferencing: How Did Video Chat Explode Between Innovations And Democratization Of Practices In 2020?
“As a result, the transfers of personal data to the UK will continue to take place in the current framework until July 1, 2021 and will not be considered a transfer of data to a third country,” according to the CNIL. If, at the end of this transition period, the European Commission does not take a general decision on transferring data to the UK, the country will be listed as a third country. This implies the implementation of guarantees provided in the GDPR, such as: B. Standard contractual clauses or binding company rules.
The definition of an agreement for July 2021 is still unclear and promises twists and turns. Vera Jourová, Vice-President of the European Commission responsible for values and transparency, stated at the beginning of 2020: “We do not know whether the UK will introduce changes in its national law or not, it could deviate from the general line of the GDPR” . British Prime Minister Boris Johnson has repeatedly pointed to less restrictive rules than the GDPR.
The United Kingdom is a member of the “Five Eyes”, an alliance between the British, Australian, Canadian, New Zealand and American intelligence services. This position could make it difficult to adopt an agreement, as is the case with American regulations. In July 2020, the Privacy Shield, an agreement with the United States on data protection, was declared invalid by the Court of Justice of the European Union, and a new agreement is currently being discussed.
So nothing is gained in advance. According to a study by the New Economics Foundation and University College London, the cost to UK companies without an agreement on personal data could run to 1.8 billion euros.