Get in Touch Menu

Brexit Q&A: How will Brexit affect data protection for businesses?

08 March 2019

After Brexit, a UK company may find itself subject to both the GDPR and the parallel Applied GDPR regime. Consequently, a data breach might well fall within the competence of both the UK ICO, and one or more EU Regulators.

In addition, EU companies are likely to face increased procedural challenges in terms of reporting data breaches. Currently, UK companies benefit from the “one stop shop” approach, whereby a UK company can rely on the ICO as its Lead Supervisory Authority (LSA) for GDPR matters, whereby the ICO will take the lead in any breach scenario, without the need to engage the other affected authorities directly.

Irrespective of whether we reach a Deal or No Deal Brexit, this one stop shop approach will no longer apply and a company will need to report a data breach separately to each affected EU Supervisory Authority. If you consider that, under GDPR, a company has 72 hours in which to notify a breach, a company needs to be sure that its internal Data Breach Procedures adequately address this issue.

If a deal is reached, then it is anticipated the status quo will continue as far as EU data transfers are concerned until 2020 and it is hoped that this transition period will allow enough time for the UK to obtain an “adequacy” ruling from the European Commission, in order to enable data to be freely transferred between the EU and the UK at the end of  this transition period.

If Britain exits on with no deal that as at 29 March 2018, subject to further guidance being issued in this area, it will no longer be lawful to transfer personal data from the EAA, to the UK, without additional legal protections being put in place. We can help you with this so please contact me if you wish to discuss this further.

If your business needs advice on this subject, please get in touch.

City-trained senior solicitor Kym works in our Legal 500-rated corporate & commercial team. She is a leading sports, media and technology lawyer with over 25 years of commercial experience. She advises clients on a diverse range of commercial agreements to include contracts, new media, technology agreements and GDPR compliance.

We're here to help

Disclaimer: All legal information is correct at the time of publication but please be aware that laws may change over time. This article contains general legal information but should not be relied upon as legal advice. Please seek professional legal advice about your specific situation - contact us; we’d be delighted to help.
Kym Fletcher LLB (Hons) Euro
Consultant, solicitor
View profile
Kym Fletcher
Related services
Share this article
Resources to help

Related articles

Changes to company law – what businesses need to know


This week, initial changes to company law – including the biggest changes to Companies House since it began – will start to take effect. Here, our corporate and commercial team…

Chris Wills LLB (Hons)

Unearthing the implicit duty of cooperation in commercial contracts


In the world of business, contracts are the bedrock upon which deals are built. These carefully crafted documents are a testament to the mutual understanding between parties, outlining their respective…

Richard Holland BA (Hons)
Senior associate, solicitor

Why sole director companies should check articles of association


A recent case has highlighted the importance of ensuring a company is incorporated with carefully drafted articles of association, if there is only one director. All limited companies must have…

Helen Howes LLM
Associate, solicitor
Contact us