The rapid and substantial developments in technology and in the way organisations collect, store and use data relating to an identifiable individual, as well as the importance of continuing the international transfer of data for trade has resulted in a series of efforts in the E.U. to modernise and harmonise the current legal and regulatory framework for the protection of rights of data subjects. The E.U.’s new General Data Protection Regulation and the U.K.’s Data Protection Act 2018 are representative of such efforts.
Given the importance of the continuing international flow of data to businesses and authorities, this paper focuses on issues of legal uncertainty potentially hindering the continuation of the lawful flow of personal data between the U.K., the European Economic Area and/or Third Countries following Brexit, as well as on the framework and mechanics for supervision and enforcement of the data protection regimes post-Brexit. The day-to-day operations of many businesses rely on the free movement of data to and from the U.K. under certain processing arrangements. The paper outlines the ways in which these will be significantly impacted by Brexit and touches upon the ways in which the uncertainties in respect of the processing of personal data identified, if unresolved, may undermine risk management, the adequate pricing of financial products, operational continuity and the prevention of fraud. The FMLC also proposes solutions and/or mitigants to these uncertainties.
Available as: PDF