Data flows and Brexit
The basis on which the UK will leave the EU has still to be decided.
The Government has made clear that the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow.
But organisations that rely on the transfers of personal data between the UK and the European Economic Area (EEA) may be affected.
Personal information has been able to flow freely between organisations in the UK and European Union without any specific measures. That’s because there is a common set of rules - the GDPR.
But this two-way free flow of personal information will no longer be the case if the UK leaves the EU without a withdrawal agreement that specifically provides for the continued flow of personal data.
In this event, the Government has already made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected
The Information Commissioners Office has produced guidance and tools to assist organisations understand and mitigate the issue. More information can be found here: