Effective 1 June, we have a new address: 34 Imperial Square, Cheltenham, Gloucestershire GL50 1QZ
Get in Touch Menu

Brexit Q&A: How will Brexit affect data protection for businesses?

08 March 2019

After Brexit, a UK company may find itself subject to both the GDPR and the parallel Applied GDPR regime. Consequently, a data breach might well fall within the competence of both the UK ICO, and one or more EU Regulators.

In addition, EU companies are likely to face increased procedural challenges in terms of reporting data breaches. Currently, UK companies benefit from the “one stop shop” approach, whereby a UK company can rely on the ICO as its Lead Supervisory Authority (LSA) for GDPR matters, whereby the ICO will take the lead in any breach scenario, without the need to engage the other affected authorities directly.

Irrespective of whether we reach a Deal or No Deal Brexit, this one stop shop approach will no longer apply and a company will need to report a data breach separately to each affected EU Supervisory Authority. If you consider that, under GDPR, a company has 72 hours in which to notify a breach, a company needs to be sure that its internal Data Breach Procedures adequately address this issue.

If a deal is reached, then it is anticipated the status quo will continue as far as EU data transfers are concerned until 2020 and it is hoped that this transition period will allow enough time for the UK to obtain an “adequacy” ruling from the European Commission, in order to enable data to be freely transferred between the EU and the UK at the end of  this transition period.

If Britain exits on with no deal that as at 29 March 2018, subject to further guidance being issued in this area, it will no longer be lawful to transfer personal data from the EAA, to the UK, without additional legal protections being put in place. We can help you with this so please contact me if you wish to discuss this further.

If your business needs advice on this subject, please get in touch.

City-trained senior solicitor Kym works in our Legal 500-rated corporate & commercial team. She is a leading sports, media and technology lawyer with over 25 years of commercial experience. She advises clients on a diverse range of commercial agreements to include contracts, new media, technology agreements and GDPR compliance.

We're here to help

Kym Fletcher LLB (Hons) Euro
Consultant, solicitor
View profile
Kym Fletcher
Related services
Share this article
Resources to help

Related articles

Why sole director companies should check articles of association


A recent case has highlighted the importance of ensuring a company is incorporated with carefully drafted articles of association, if there is only one director. All limited companies must have…

Helen Howes LLM

Top tips for improving wellbeing in the workplace


A recent CIPD Health and Wellbeing at work survey has reported that most organisations are taking additional measures to support employee health and wellbeing, in response to COVID-19. Three quarters…

Jenny Hawrot LLB (Hons)

SCCs: New rules governing cross-border data transfers and data exchanges from the EU and EEA

GDPR & data protection

This September brings change to the use of standard contractual clauses (SCCs) governing data transfers from the EU and EEA. In June this year, the European Commission published two sets…

Kym Fletcher LLB (Hons) Euro
Consultant, solicitor
Contact us