Data protection: what happens if we leave the EU without a deal?

UK businesses who share data with organisations in the European Economic Area (EEA) will need to take steps to ensure they continue to comply with data protection laws should the UK leave the EU without a deal.

The warning comes as the Prime Minister fails to get Parliament to agree to her Brexit withdrawal bill, increasing the prospect of a no-deal outcome.

In light of this, the Government has begun to publish an abundance of guidance for businesses, detailing what to do and how to prepare for changes, should we leave with no deal in place.

As part of this guidance, the Information Commissioner’s Office (ICO) has produced a six-step checklist to help businesses to continue sharing data legally after 31 March 2019.

The regulator said the UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore organisations will be able to send personal data to organisations in the EEA as they do currently.

However, without a legal agreement in place, transfers of personal data from the EEA to the UK will become restricted once the UK has left the EU.

Because of this, the Government advises that organisations who receive personal data from organisations in the EU should consider what changes they may need to make to continue complying with the general data protection regulation (GDPR) and other legal obligations.

The six-step checklist, found here, may help you navigate this process.

The following guides may also help:

For more help and advice, please get in touch with our expert Brexit advisory team.