“Business as usual” for the transition to data protection between the UK and the EU in 2020. Relevant information on data protection and data flows is also included in the political statement that sets out the framework for future relations between the European Union and the United Kingdom. The most important structural change is the idea of a UK_GDPR and a EU_GDPR, as it will allow a future government to depart from the UK data protection system of the RGPD standards (for example. B after December 2020, the expiration date of the withdrawal agreement). Of course, politicians will say that the UK`s DP standards could be improved, but look at points 3 and 4 before deciding if you believe them. The communication states that, with the exception of the personal data covered by Article 71, paragraph 1, of the Brexit Withdrawal Agreement (the “withdrawal agreement”), any transfer of personal data to the UK after the transitional Brexit period is not treated as a transfer of personal data within the European Union. As a result, the transfer of personal data to third countries (for example. B non-EU states or countries that have not received an adequacy decision from the European Commission) are subject to EU rules for the transfer of personal data to the UK. Point 4: Conservative Party Manifestos.
The Conservatives` next manifesto will likely include the obligation to repeal the Human Rights Act of 1998, withdraw from the Court of Justice, which rules on the European Convention on Human Rights, and introduce a new British bill. Whether this withdrawal is part of the “Convention on the Protection of Persons in the Automated Processing of Personal Data” (Council of Europe Convention 108) is unclear. More information is available on the information commissioner`s website. The OIC is the independent data protection regulator in the UK. For international data transfers from the UK to other jurisdictions, please visit the ICO website. This data is called legacy data in this message analysis. Article 71, paragraph 2, does not apply to Article 71, paragraph 1, when the United Kingdom receives a decision on adequacy from the European Union. Article 71, paragraph 3, provides that, when it loses its adequacy decision, the United Kingdom must apply protection to personal data within the scope of Article 71, paragraph 1, which are “essentially equivalent” to EU standards. Article 71 is high-level and interacts with a complex network of withdrawal agreements and various Brexit laws. As a result, some aspects of practical application have yet to be confirmed in subsequent legislation and guidelines.
The “frozen RGPD” It is important to note that data protection standards are not updated in section 71. The EU RGPD “as applicable on the last day of the transition period” applies to legacy data (this is the effect of Article 6, paragraph 1, of the withdrawal agreement). This version of the EU RGPD is referred to in this article as the “frozen RGPD”. The frozen RGPD must be interpreted in accordance with the relevant jurisprudence of the European Court of Justice adopted before the expiry of the transition period (see Article 4, paragraph 4, of the withdrawal agreement).