The European Union’s General Data Protection Regulation (“GDPR”) is arguably the most comprehensive – and complex – data privacy regulation in the world. As companies prepare for the GDPR to go into force on May 25, 2018, there continues to be a great deal of confusion regarding the requirements of the GDPR.

To help address that confusion, Bryan Cave Leighton Paisner is publishing a multi-part series that discusses the questions most frequently asked by clients concerning the GDPR.

Question: After Brexit Can I Continue to Transfer Data from the EU to the UK?

Answer: After Brexit, companies can continue to transfer data to the United Kingdom provided either that the United Kingdom is recognized by the European Commission as a country offering adequate protection. This is what is currently envisaged.

Failing such recognition, the data exporter would need to ensure that the company in the United Kingdom has appropriate safeguards in place (e.g., Standard Contractual Clauses) or that the company in the United Kingdom adheres to an approved code of conduct or certification mechanism.