Brexit: what does it mean for data transfers?  


With the UK’s exit from the European Union now just hours away, it will be entering an 11-month transition period where EU data-sharing arrangements will remain in effect.

We will shortly be publishing some updated guidance around what will happen at the end of the transition period.

In the meantime, you may wish to read our deputy commissioner, Rachel Masterton’s, 2018 paper: ‘Leaving the EU: the data protection implications of a ‘Hard Brexit’ for UK businesses with EU data flows and clients‘. (Or you can read a summary of the main points here.)

Rachel sums up what this means for the Bailiwick as follows:

‘Locally, The Data Protection (Bailiwick of Guernsey) Law, 2017 was drafted with Brexit in mind and so provides a gateway for transfers to UK-based organisations once the split happens. Businesses in the UK and the EU need to be aware that Brexit will have data protection implications and start looking at how they will handle these. If the UK receives adequacy, that will address those issues in the most part and put the UK in the same position as the Bailiwick. If, for any reason, adequacy is not forthcoming, UK organisations and the EU based organisations that they receive personal data from will need to make use of the various safeguarding mechanisms within the GDPR.’