The decision on Brexit has been made and negotiations on how the United Kingdom can leave the European Union are underway. Over the last few weeks, the question has repeatedly been raised as to whether future transfers of personal data will still be possible without encountering problems.
The UK Government addressed this question in a press release press release on August 7, 2017, in which it commits to updating UK data protection laws. The reform will bring the EU's General Data Protection Regulation (GDPR) into UK law. This is designed to ensure that transfers of personal data between the UK and the EU remains possible without any problems even after Brexit.
With this announcement, the United Kingdom joins the list of States that are working on implementing the GDPR. Even after Brexit, when the GDPR is no longer directly applicable, it will thus be possible to transpose the regulations of the GDPR into UK law. According to the GDPR, its rules may only be implemented is for cross-border data transfer if a comparable level of data protection exists in the respective country.
Legally, this entails that there will no longer be privileged transfer between EU States after Brexit. The adaptation of the GDPR will ensure, however, that a comparable level of data protection exists in the recipient country – the UK. Data transfer will therefore also be possible without any problems after Brexit. It is expected that the EU Commission will adopt an adequacy decision with respect to the United Kingdom. Thus, companies will only need to make minor adjustments to their existing processes.