“What this means is that companies in the EU (including the EEA) that are currently freely sending their personal data to the UK will have to implement appropriate safeguards in accordance with article 46 before transferring any personal data to the UK. These appropriate safeguards include:
- Standard Data Protection Clauses adopted by the European Commission of a DPA
- Ad Hoc Data Protection Clauses adopted the EU based company (data exporter) and the UK based recipient of this data (data importer)
- Binding Corporate Rules
- Codes of Conduct
- Certification Mechanism”.
The European Data Protection Board Published its guidance :
- Information note on data transfers under the GDPR in the event of a no-deal Brexit Adopted on 12 February 2019
- Information note on BCRs for companies which have ICO
as BCR Lead Supervisory Authority – Adopted on 12 February 2019
To help organisations prepare for a ‘no deal‘ Brexit, the ICO has published a short guide for UK businesses: ‘Six Steps to Take‘:
- Continue to comply with GDPR and follow ICO guidance.
- Transfers to the UK: Review data flows and identify where your organisation receives data into the UK from the EEA to ensure sufficient safeguards are in place to allow the continued flow of personal data.
- Transfers from the UK: Identify data flows to countries outside of the UK, as these will fall under new UK transfer and documentation provisions.
- European operations: For organisations that operate across Europe, data flows, processing operations and group structures should be reviewed to fully understand the effect of Brexit on operations.
- Documentation: Identify privacy documentation in the event it needs to be updated when the UK leaves the EU.
- Organisational awareness: Ensure key people in the organisation are aware of these key issues and that plans are up to date.
UK Gov Guidance : Amendments to UK data protection law in the event the UK leaves the EU without a deal on 29 March 2019
Resources on Brexit.
The French Data Protection Authority, CNIL, fining Google 50 Million Euros.
The European Data Protection Board summary explains how the CNIL has played the role of the lead authority to investigate the class actions filed by the Austrian Non Of Your Business, NOYB, and the French La Quadrature Du Net. ‘L’Europe est en marche’ – Europe is leading – and the Union is enforcing its capabilities. Britain will be missed after Brexit.
After Google, here comes Facebook : A Belgian court injonction to Facebook to stop his illegal collect of personal data in an 80 pages decision. 250.000 € maximum de 100 millions d’euros for everyday they dont comply. Things are acceleration. If you havent yet seen the French CNIL Google fine, have a look and make sure your organisation is compliant.
* * *
Radio interview of Tara Taubman-Bassirian, voted Privacy Hero 2018, is on Voice of America Business.
2018 privacy hero of the year, Tara Taubman-Bassirian, discusses the EU GDPR, the increasing need for protecting privacy in the increasingly technology-rich environment, and some activities for Data Privacy Day on January 28, 2019. What are the benefits of GDPR? Where can it be improved upon? What do companies struggle with most for GDPR compliance? What is a “hot potato” GDPR issue? How are binding corporate rules (BCRs) used for non-adequate countries? How has Brexit impacted GDPR compliance? Why does privacy matter? What are the current largest threats to privacy? What are some activities for Data Privacy Day? Hear Tara discuss these topics, and more, with Rebecca.
We are preparing to celebrate the International Privacy Day on January the 28th. A TwitterChat at 3pm GMT using the hashtag #PrivacyAware with help of Kingston Technology. A drink in a pub in London from 6 to 9pm, you might want to register for. Hope to see many join us for these celebrations. contact firstname.lastname@example.org
* * *
Let the data flow, adequacy decision between EU and Japan adopted.
Former European Data Protection Supervisor Peter Hustinx joins ICO as non-executive director.
* * *
Twitter under investigation by the Irish Data Protection Commission
Facebook’s challenge to a High Court ruling that raises serious concerns about data transfers between Europe and the US is more about appearance than facts, lawyers for the Irish Data Protection Commission told Dublin’s Supreme Court.
* * *
Via EDRI : On 7 February, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) presented two new working documents analysing further the issue of cross-border access to data in criminal matters, also known as “e-evidence”.
WARNING : Links to external website may contain cookies and tracking of visitors data. Do adjust your privacy setting in accordance.