Privacy notices in a post-Brexit era: A review is needed
Emma Erskine-Fox of TLT advises on adjustments that should be made to privacy policies to ensure compliance.
The Brexit deal reached on 24 December 2020 has finally given UK organisations a level of certainty on one of the most significant data protection issues raised by Brexit: whether personal data can continue to flow freely from the EU to the UK without additional measures in place. The six-month grace period agreed as part of the deal means that data transfers can continue as normal for the time being, pending a formal UK adequacy declaration being made by the European Commission.
This will have come as a relief to many organisations, but the work is by no means over. As well as using the coming months to prepare for a potential no-adequacy scenario (as recommended by the Information Commissioner’s Office), UK organisations will have work to do to ensure that their data protection compliance frameworks remain appropriate now that the EU General Data Protection Regulation (EU GDPR) no longer has direct effect in the UK. This will include not just a review of governance frameworks and internal documentation, but also revisiting privacy notices and potentially making amendments to reflect the changes required as a result of Brexit.
UK Report subscribers please login to access the full article.
If you wish to subscribe please see our subscription information.