1 March: Update on Brexit and data protection 

Print

On 1 February 2019, the States of Deliberation approved the Data Protection (Authorised Jurisdiction) (Bailiwick of Guernsey) Ordinance, 2019.

This Ordinance recognises the UK as a ‘designated jurisdiction’ which means that data transfers from the Bailiwick to the UK can continue once the UK has left the EU. With so much still unknown about what form Brexit will take, this Ordinance alleviates concern that existing data transfers to the UK could be adversely impacted by the UK’s EU departure causing knock-on problems for local organisations.

The Ordinance, which will come into effect on the day the UK leaves the EU regardless of whether the departure is managed under some form of transition arrangement or not, has within it an expiry date of 31 December 2020. The Bailiwick is aware that the UK will be applying for ‘adequacy‘ under the GDPR as soon as it is able to as it is key for ensuring data flows from EU Member States, hence the decision to include an expiry date. Furthermore, the States of Deliberation agreed that should the European Commission rule on the UK’s adequacy before the expiry of the Ordinance, it would be revoked.

We are pleased to have played a role in this pragmatic approach to data transfers that provides a degree of certainty to local businesses in relation to existing transfers. We would like to thank the policy and drafting team and the Committee for Home Affairs for bringing the Ordinance to fruition and the States for their recognition of the need to provide a firm way forward.

Read: Leaving the EU: the data protection implications of a Hard Brexit for UK businesses with EU data flows and clients