The level of uncertainty among companies and private individuals who are affected by the UK’s exit from the EU is increasing. In this case, data protection would also be affected.
The main problem is that all other regulations would lose their validity. However, the transmission of data requires a legal basis. This would put them on a par with third countries such as the United States. Experience with the Save Harbor Agreement, the US Privacy Shield or the Cloud Act shows that international data transfer is a very difficult construct. Businesses in the EU must therefore review any circumstances in which personal data is transmitted or made available to businesses in the United Kingdom and, if necessary, adapt them to applicable law. For example, a contract for order data processing would no longer be sufficient as a legal basis after a hard Brexit. EU companies will then have to request individual data protection guarantees from UK companies.
Who Is Affected By Brexit?
It is particularly difficult for companies that are based in the UK or if the parent company is based there. But companies that transmit personal data there are also affected. According to a BITKOM survey, this applies to 15% of international companies. However, companies and institutions that use IT services from companies based in the United Kingdom are also affected- in the form of cloud solutions. Because personal data is also transmitted here.
Take The Right Precautions
But that is certainly not the end of business relationships, as there are still some ways to meet the data protection standards. In addition, in the case of the UK, it is very likely that the third country regime will only apply for a limited time, as both the EU and the British should be interested in removing any obstacles as quickly as possible. The most important thing is that you deal with the topic as quickly as possible. First, make sure you are affected at all. Don’t forget to check whether there is an online service provider in the UK, such as an analytics service provider.
In the second step, check which measures are necessary in order not to endanger the legally secure data exchange and take precautions that can be implemented quickly in an emergency. This can also include separating from British service providers and using EU providers. This means that every risk can be excluded. Last but not least, provide information on data transfer to third countries if you continue to use UK services. To be on the safe side, do this now.
