LONDON (Reuters) – British organizations will need to agree on new contracts to ensure they can continue to receive personal data about their customers or workers in the European Union if the UK leaves the bloc without a deal next year, the UK government said on Thursday.

“You would need to take action to ensure EU organizations were able to continue to send your personal data,” it said in one of a series of technical notices published to help businesses and the public prepare for a no-deal Brexit.

British companies active in the European Union depend on a free flow of personal information, which until now has been unproblematic because as a member, Britain must meet EU standards for personal data protection.

That decision would need to be reviewed once Britain left the bloc, and no timetable has been agreed for a reassessment process, the government said.

Britain has been pinning its hopes on the European Union continuing to judge it “adequate” in the way it protects data.

It hopes it will help its cause by keeping in UK law the EU’s General Data Protection Regulation (GDPR), which came into force in May and is designed to give individuals greater control over how their data are used.

“This is looking increasingly ambitious and falls in sharp relief against the Commission’s own advice in July, which intimated that the UK will be a third country under GDPR on exit,” said Gita Shivarattan, data protection specialist lawyer at law firm Ashurst.

While it waits for data protection standards to be assessed, the government advised organizations to agree to EU-approved standard contractual clauses, which guarantee a level of data protection for the individuals concerned, with their EU partners.

The UK will continue to allow the free flow of personal data into the European Union, it added.

Iain McDonald, the managing associate at law firm Lewis Silkin, said EU-focused businesses might now consider setting up data-processing operations in Ireland rather than the UK “on the off-chance that the UK might change its data protection rules at a later date and lose EU equivalency status”.

“Until we know what post-Brexit UK-EU relations look like, there will be a degree of uncertainty for business,” he added.

#Brexit #DataProtection #GDPR #UK #Eu #Ireland #DPO

https://www.reuters.com/article/us-britain-eu-notices-data/uk-says-free-flow-of-personal-data-from-eu-not-guaranteed-if-no-deal-brexit-idUSKCN1LT2DK