How can businesses prepare for the data protection implications of a No Deal EU Exit?


In the event that the UK leaves the EU on 29 March 2019 without a deal, UK businesses will need to ensure they continue to be compliant with data protection law.

For UK businesses that operate across the EU or exchange personal data with partners in the EEA, there may be changes that need to be made ahead of the UK leaving the EU to ensure continued compliance.

The Information Commissioner's Office (ICO) has published a short 6 step document as well as more detailed guidance.

Read the guide 'Leaving the EU without a deal– 6 steps to take' on
Read the guide 'Data protection if there's no Brexit deal on

Businesses can also use the ICO’s tool for assessing whether they can rely on implementing standard contractual clauses (SCCs) for transfers from the European Economic Area (EEA) to the UK.

These resources offer information on immediate steps businesses can take to mitigate potential impacts as well as describe in more detail what changes you may need to make. For those that would be affected, early action is advised as changes may take some time to implement.