Brexit, GDPR and privacy

As a result of the United Kingdom's departure from the European Union, the applicable regulations for both ceased to be. This occurred on December 31, 2020, the date on which the transition period ended. In the specific case of the General Regulation for the Protection of Personal Data (GDPR), it is no longer a basic norm for the treatment of personal data in the United Kingdom (although, it should be clarified, that the United Kingdom, prior to its withdrawal from the The EU adopted many EU regulations on data as their own, thus, they start from almost identical regulatory scenarios).

In that sense, as trade and business will not stop being carried out, the flow of data will have to be maintained with the safeguards of the law. For this reason, the European Commission has approved two drafts of Data Adequacy (one referring to the GDPR y another referring to the law enforcement directive) so that the cross-border flow of data between both parties does not deviate from the standards that the GDPR stipulated and that are so important today. In that sense, the EU justice commissioner, Didier Reynders Indian"the secure flow of data between the EU and the UK is crucial for maintaining close business ties and effective cooperation in the fight against crime"

In addition to this, we must not forget that the United Kingdom has signed the European Convention on Human Rights and Convention 108 (on privacy and data protection), as well as the fact that it recognized its submission to the jurisdiction of the European Court of Human Rights.

The data adequacy draft referring to the GDPR in good account highlights the fact that the United Kingdom's data protection regulatory framework is very similar to that of the EU, with which, in principle, there should be no major difficulties for the flow of data. data. However, he notes:

(i) That the European Commission must carry out continuous monitoring work on how the United Kingdom implements and enforces its data protection regulatory framework in order to guarantee that “there is an equivalent level of protection”.

(ii) That the authorities of the United Kingdom must inform the European Commission of any substantial change in their legal framework for data protection, or any other change that affects them. As well as the evolution of data processing practices.

(iii) EU Member States must inform the European Commission of any action taken by their own data protection authorities that have to do with complaints or inquiries about the transfer of data to data controllers or processors in the United Kingdom. Among other.

Finally, both agreements are still drafts, the European Data Protection Council still needs the approval of the representatives of the member states of the European Union. After that, the European Commission may adopt the final decisions for the adaptation of the United Kingdom.

- Advertising Notice-
Marilú Lazo
Lawyer from the Pontificia Universidad Católica del Perú (PUCP). Director of The Crypto Legal Blog, she has experience in corporate advice, consumer protection, as well as in matters of personal data protection and new technologies.


1,954Happy fans


*All fields are required
es Spanish