31 January: Update on Brexit and data protection

Print

Following events in the UK Parliament earlier this week, the States of Deliberation are due to consider a draft ordinance that would designate the UK as an authorised jurisdiction under our local data protection legislation. Building on the foresight of the drafting team behind the Data Protection (Bailiwick of Guernsey) Law, 2017, this designation will mean that transfers of personal data to the UK by locally based organisations can continue after Brexit.

This covering paper and associated draft Ordinance, prepared by the Committee for Home Affairs, explains that this designation will remain in place until the end of December 2020 or until the European Commission has made a judgement as to the adequacy (or otherwise) of the UK’s data protection regime (whichever is the earlier).  This move is intended to provide some assurances to local organisations who transfer personal data to the UK as part of their day-to-day business and to remove the need to implement alternatives safeguards to protect personal data dispatched to the UK’s shores, balancing the Bailiwick’s need to trade with the UK against its desire to maintain adequacy and the benefits to Bailiwick businesses that that brings.  This approach has been taken underpinned by confidence in the UK’s expressed intention to maintain GDPR complaint legislation and to seek an adequacy finding by the European Commission as soon as possible once it becomes a third country.

The ODPA would like to thank the Committee for Home Affairs and the team behind the paper and associated legislation for their pragmatic solution to the uncertainty that Brexit has caused in relation to data transfers and encourages organisations with any questions to get in touch.

SEE ALSO:
19 December: update on Brexit and data protection
Data protection implications of Brexit for the Bailiwick
Leaving the EU: the data protection implications of a Hard Brexit for UK businesses with EU data flows and clients‘ (May 2018 document)