4 things to know about GDPR after Brexit
by Veronika Schipper, on Aug 26, 2019 10:17:46 AM
When thinking of Brexit, GDPR and data protection might not be the first thing that comes to mind. However, as we are getting closer to the day when the UK will leave the European Union (October 31, 2019), the question of data regulation arises. So whether you are doing business with the UK or you have data stored in the UK, here is what you should know about GDPR after Brexit.
1. "No-deal" Brexit
As many are convinced, there is a big chance of "no-deal" Brexit scenario to happen. That means the UK will withdraw from the European Union without a transition period and will automatically become a "third country", a country that does not belong the EU/EEA (European Economic Area). As a result, the UK will no longer have to comply with European laws and GDPR. The complete legal structure around personal data and their transfer from one organisation to another within the EU and outside of it will be affected.
2. Brexit with a transition period
There is a (slight) possibility that the UK will reach an agreement with the EU in which case the UK can agree to remain a subject to EU law and GDPR even after Brexit. That would, however, apply only to a certain period after which the UK will become a "third country" as stated above. Companies will have to prepare for new data regulations sooner or later.
3. GDPR and data transfers
In the event of "no-deal" Brexit, it is not going to be as simple to transfer data from an EU-based company to one based in the UK, as it is now. Any company will have to prepare for this scenario straight away. The free flow of personal data to countries outside of the EU is per GDPR allowed only with appropriate contracts. The standard contractual clauses, approved by the EU, will enable the transfer of personal data when embedded in a contract. More info on this is available from the Information Commissioner's website. Transfers of personal data from the EU to the UK are not restricted, and UK organisations will continue to be able to send personal data freely to the EU.
4. Moving data sets from the UK to the EU
One of the critical points in GDPR is the personal data protection of the European citizen. If you use BigQuery for your data queries, this means that the datasets you are using cannot be stored in any other region than the European Union. If they are saved in the UK, it might be a good idea to start migrating before Brexit.
Unfortunately, there is no export functionality to allow this job to happen in Google Cloud Platform quickly. But there are two ways how to do it using Google Cloud Dataflow or Google Cloud Datalab described in more details here.
Most companies operating in the UK will have two options to ensure legal transfer of personal data. To work with contractual clauses, which results in extra bureaucracy or move datasets/ servers to the EU countries.
We can you help you migrate BigQuery tables across regions. Get in touch for more info.
Crystalloids helps companies improve their customer experiences and build marketing technology. Founded in 2006 in the Netherlands, Crystalloids builds crystal-clear solutions that turn customer data into information and knowledge into wisdom. As a leading Google Cloud Partner, Crystalloids combines experience in software development, data science and marketing making them one of a kind IT company. Using the Agile approach Crystalloids ensures that use cases show immediate value to their clients and make their job focus more on decision making and less on programming.