What Does Brexit Mean for the GDPR?
Many Australian businesses are bound by the GDPR, but what about Australian businesses in the UK? This article examines how Brexit will affect the GDPR.
Brexit is a significant moment in the history of the European Union (EU). However, many don’t understand what it means for the General Data Protection Regulation (GDPR) law that exists within the EU. Below, we break down the interaction between the two and how this may affect Australian businesses.
What are the GDPR and Brexit?
Brexit is the withdrawal of the United Kingdom (UK) from the European Union. Following a June 2016 referendum, the UK Government announced their plans to officially leave the EU. Since this time, the UK and EU have struggled to agree on their terms of withdrawal. It is currently scheduled to take effect from 31 October 2019, though it remains to be seen if this will actually happen.
Will the GDPR still apply once Brexit occurs?
The United Kingdom will still comply with the GDPR once they have left the EU. The UK was one of the contributors to the creation of the GDPR, and has announced that it will be incorporated into their domestic law under the European Union (Withdrawal) Agreement.
As UK companies will continue their dealings with companies based within the EU, the laws will still impact upon their business. It’s similar to the way that Australian companies must co-operate with the GDPR if they deal with European based companies or citizens.
The GDPR’s scope
The GDPR also imposes strict restrictions on personal data transfer to ‘third parties’. Of note, is that transfers of personal data to the UK from the EU will be restricted. This may impact the way that companies transfer data between each other, particularly when dealing with UK businesses.
The UK is currently attempting to secure an adequacy finding from the EU to remove this restriction. The EU has indicated that this option will be considered. However, the UK must wait until after Brexit has officially occurred. It is unlikely to be granted in the near future.
The GDPR and Brexit raise a litany of questions for businesses both in the UK and Australia. Whilst its regulations will still apply in the UK due to its integration into domestic laws, restrictions will be enforced on personal data that may be transferred to the UK. For further enquiries or issues, a privacy lawyer may be of assistance.
Kyle currently works in the content team as a legal intern for Lawpath. He is in his third year of a Bachelor of Laws with a Bachelor of Psychology (Honours) at Macquarie University.