Guidance on what should happen with transfers of private data to and from the United Kingdom, including Northern Ireland, after a possible ‘no deal’ Brexit has been published by the Irish Data Protection Commission (DPC).
The organization warned that Irish and Irish-based businesses that manage private personal data will be required to make sure data being transferred to the UK is done so legally after a possible March 29 date the UK departing the European Union. Failure to complete this preparation could lead to the usual GDPR penalties being applied, 4% of annual global income or €20m – whichever figure is higher. From that date, in the event of no departure deal being agreed, the UK should be treated as any other non-EU State and would not enjoy the prevailing free movement of data that it presently does.
Speaking to the SC Media recently Joseph Carson, chief security scientist and advisory CISO at Thycotic, compared the process to the months leading up to the go live date for GDPR on May 25, 2018. He said: “However, this time because of the poor decision making within the UK parliament, organizations now have less than three months to prepare a digital data border. Organizations that have done a good job of preparing for EU GDPR, will have made it easier for themselves as this would have certainly helped understand what data they save and how it is handled so it might make the short turnaround much easier.”
Speaking to the same publication, Patrick Grillo, senior director of solutions marketing at Fortinet, said: “With a structured Brexit (read deal in hand) it is expected that there would be a reasonable changeover period allowing organizations to smoothly manage their operations to other countries and/or allowing the UK to become an authorized third-party country. Without that changeover period, however, the potential for significant interruption is real. With the Irish border problem being such a key point of the Brexit talks, it is curious that this facet of a no-deal Brexit has not been talked about more often.”
Should a ‘no deal Brexit happen then it will be of utmost importance for all businesses, including those primarily based in other parts of the world, transporting data from EU based offices to the UK to make sure that they are completing this in a completely legal manner so as to avoid all possible fines.