View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
September 12, 2019

ICO’s Brexit Warning: British Firms Should Establish SCCs with European Partners

"Urge you to read what we’ve produced..."

By CBR Staff Writer

The UK’s data protection authority and GDPR enforcer has issued fresh guidance (and a warning) to businesses over data flows in the event of a no-deal Brexit.

The guidelines come with a stark warning that no deal will change how EU law is applied to UK companies processing user data.

If a company is transferring personal data from the UK to an EU entity then they can proceed as normal, as the UK government has stated that they will put no restriction on data flow. However, if the company is receiving data from a firm based in the EU they will need to take extra steps to ensure they are compliant.

While the GDPR, NIS, PECR and other regulations surrounding information security and data privacy have been enshrined in UK law and will be retained post-Brexit, eIDAS (which covers electronic ID and trust services) has yet to be incorporated into UK law.

Westminster says this will happen on the eve of Brexit however. The ICO notes that,  in practice, “if you are a UK trust service provider, you should assume that you will still need to comply with eIDAS rules.”

ICO: Firms Should Establish Standard Contractual Clauses with EU Partners

The ICO is advising that the best approach may be to establish standard contractual clauses (SCCs) with EU bodies and firms from which data is flowing.

The SCCs should outline the data protection responsibilities of a company with regards to GDPR legislation in the EU. The SCC would essentially establish contractual terms and conditions that ensure both companies process data in a legal manner.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Currently data flow is unrestricted as the UK is still classed as an EU member state, yet that could change overnight on October 31 and it will be up to UK firms to ensure they are following the law in the UK and the EU, warns the ICO.

The Information Commissioner Elizabeth Denham stated that: “It’s crucial that organisations make sure they properly prepare for all scenarios.”

ICO Brexit Warning

The Commissioner is advising business to bring themselves up to speed with the ICO’s published guidelines. “Even if you think your organisation doesn’t transfer data internationally, I’d urge you to read what we’ve produced, and assess whether you need to act,” commented Denham.

If a company has established offices or branches within the European Economic Area (EEA) they will have to comply with UK and EU data protection regulations. The ICO is advising companies of this nature that they may need to designate a representative in the EEA.

This representative will act as the company’s local representative with individuals and data protection authorities in the EEA. The ICO is warning that if you have a data protection officer (DPO), this person or one of your processors cannot be designate as your representative in the EEA.

No matter what happens come the end of October the ICO is informing business that the best approach will be to adhere to GDPR rules and guidelines when processing personal data, this will ensure firms are complaint with EU and UK laws.

And despite all the updates, the main message from the ICO is simple: “If we leave the EU without a deal, most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same.”

See Also: Digital docklands Latest Docklands Data Centre Throws Open Its Doors, as Hyperscale Demand Continues

Topics in this article : , , , , , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU