Personal Data in a Post-Brexit World

25 August, 2017

As businesses prepare for GDPR, the UK Government has published its post-Brexit wish list for data protection, which includes free-flowing data and a seat at the table.

Following the Statement of Intent which dealt with the UK’s forthcoming data protection bill (which will implement the EU-based GDPR into domestic UK law), the new “future partnership paper” sets out the UK’s ambitions in relation to personal data.

Setting the Scene

The paper emphasises the UK’s role in creating the GDPR, its commitment to being a “global leader on data protection” and its status as a “significant player” in international data-flows. More threateningly, it warns about the impact on the UK and EU economies of restrictions on cross-border data flows.

Let it Flow!

Those cross-border data flows aren’t currently a problem, as the UK is part of the European Economic Area, but post-Brexit the UK will require an “adequacy decision” from the EU to maintain that level of free-flowing data. Adequacy decisions have already been granted to a number of other countries, and (despite potential issues around the UK’s national security surveillance and investigation measures) the UK is optimistic about this being granted.

“A new, deep and special partnership”

The UK’s ambitions don’t just extent to adequacy decisions, the paper also describes building on this, potentially with an ongoing role for the UK’s Information Commissioner’s Office (ICO) “in EU regulatory fora”, with the ICO being “fully involved in future EU regulatory dialogue”. Alongside this, the EU and UK could “mutually recognise each other’s data protection frameworks”, but still have a model which “respects UK sovereignty”.

The future

How those competing interests can be balanced, and whether the EU has any intention of accepting the ICO’s input, remain to be seen. Ultimately, however, the key message for businesses from this latest update is simply a reinforcement of the fact that the GDPR (in one form or another) is here to stay, and that Brexit is very unlikely to result in any meaningful relaxation of data protection requirements.

For more information on data protection and the GDPR, please contact Elliot Fry at or on +44 (0)1732 224 034

For updates from us and the latest Tech news follow us on Twitter @CrippsTechLaw