Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Brexit impact on privacy

By Chantal Bernier
February 6, 2020
  • Privacy Rights
Share on Facebook Share on Twitter Share via email Share on LinkedIn

On Friday, January 31, 2020, the United Kingdom (UK) left the European Union (EU) after 47 years as part of the union.

While the UK has ceased to be part of the EU when the clock struck midnight in Brussels, the UK and EU have agreed to a transition period until the end of 2020, to allow the UK to continue its current relationship with the EU, while future trading relationships are negotiated.

As part of this transition period, the UK’s Information Commissioner Office has clarified that the EU’s General Data Protection Regulations (GDPR) will remain in effect until the end of 2020.

No changes required at this time, but …

If you or your clients offer goods or services in the UK, and process personal data of UK residents, the GDPR will continue to apply to the treatment and safeguarding of that personal data.

Similarly, the GDPR still applies, and data protection agreements (DPA) are still required as part of an agreement with organizations that process personal data of individuals from the UK.

The UK’s Data Protection Act of 2018 incorporates the GDPR into UK law. It remains to be seen what status the EU will give to personal data transfers to the UK: Will the EU allow such transfers or will it apply the same conditions as for the rest of the world?

Adequacy status for Canada

At the time of this writing, the EU Commission considered Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) adequate to receive and process personal data of EU residents in Canada without further conditions under the GDPR. However, this adequacy status is up for review in 2020 by the EU Commission.  

Even if Canada retains its adequacy status with the EU, it is not clear what regime the UK will adopt in relation to cross-border personal data flows. While it is fair to expect that the UK will look favourably at facilitating cross-border data flows towards North America in support of new trade agreements, UK businesses have recently started to show concern with the UK’s direction in that regard. Indeed, in the months leading up to the UK leaving the EU, organizations from the UK have started to ask for further assurances related to data protection from entities outside the UK, including Canadian businesses processing information of UK residents.

With all these uncertainties at play this year, do not be surprised if a UK business partner asks you to sign the Standard Contractual Clauses with respect to personal data of UK residents being stored or processed in Canada. 

What to expect

Following the transition period, there may be areas of uncertainty around the data protection landscape in the UK. It is likely, however, that the UK will keep its GDPR-based data protection legislation to address any concerns about the flow of personal data between the EU and the UK, and keep its flexibility in negotiating free trade agreements with North America.

Please contact a member of our Privacy and Cybersecurity group if you have any questions on the impact of Brexit and the privacy compliance obligations.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Chantal Bernier

About Chantal Bernier

Chantal Bernier leads Dentons’ Canadian Privacy and Cybersecurity practice group. She is also a member of the Firm’s Government Affairs and Public Policy group. Chantal advises leading-edge national and international companies as they expand into Canada and Europe, enter the e-commerce space, adopt data analytics and roll out data-based market initiatives. Her clients include ad tech companies, financial institutions, biotech companies, data analytics firms and government institutions.

All posts Full bio

RELATED POSTS

  • Consumer Protection
  • Data Breach
  • Health Information Privacy
  • New and Proposed Laws
  • Privacy Rights
  • United States

New Mexico Becomes 48th State To Enact Data Breach Notification Law

By Peter Stockburger
  • Europe
  • Privacy Rights
  • United Kingdom

Safe Harbor Decision today!

By Nick Graham
  • Data Transfers
  • Europe
  • New and Proposed Laws
  • Privacy Rights

Data processors under the GDPR

By Marc Elshof

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site