James Morgan, founder, Event Tech Lab on Brexit’s impact on GDPR
The events industry spent lot of time in 2017 and 2018 preparing for the EU’s new data regulation GDPR.
Data management, storage and dissemination were all dealt with under the new regulations with companies spending a lot of time and money on creating new processes to comply with the new regulations.
Well that’s all in place now, but how is our sector going to be impacted on post-Brexit? I talked to the Information Commissioners Office to get the low-down on post-Brexit GDPR.
GDPR will be absorbed into UK law when the UK exits the European Union. There will be no substantive changes to the regulations and its just a case of copy and paste into UK law. Information will then flow freely between the UK and the European Economic Area.
This assumes that Parliament has had time to enact all the laws including GDPR in time for the 29 March deadline. But what if there is a ‘no deal’ Brexit? In that case, precautionary arrangements will need to be made by companies transferring data over the boarder.
First, your organisation should carry on complying with GDPR. If you have UK and EU offices, then there is no need (yet) to have a data protection officer in each jurisdiction.
Second, on data transfer to the UK, think about what GDPR safeguards you can put in place to ensure that data can continue to flow once we are outside the EU jurisdiction. Third, data transfers out of UK will need to comply with data laws in other jurisdictions – such as EU, USA or others.
Finally, review your documentation and make any changes to update the fact the UK has left the EU. But its not as simple as an UK/EU consideration. US trade negotiators are contemplating a hard line and asking for a reduction in the UK’s overly-burdensome consumer data rules in any new deal.