Brexit: What’s Next for the Breakup Between the EU and UK?

The clock is ticking on the United Kingdom’s (UK) move out of the European Union (EU) on January 31, and the final deal is aiming to be completed by the end of 2020. Here’s what you need to know about Brexit and the transitions the UK and the EU are going through. 

What is the Withdrawal Agreement?

On January 23, 2020, the UK Parliament passed the Withdrawal Agreement Act. The Withdrawal Agreement with the EU will act as a transition period from January 31, 2020 – December 31, 2020.

The goal of the transition period is to provide enough time for the final wave of negotiations between the UK and EU to take place – negotiations that both sides hope will pave the way for a productive future relationship. Ideally, there will be a negotiation for a data protection arrangement that suits both parties

During the transition period, the current EU GDPR and UK DPA rules will continue to apply while negotiations around what happens next begin.

Refresh: GDPR vs. DPA

Effective May 25, 2018, The General Data Protection Regulation (GDPR) is an EU regulation that governs the current data protection framework in Europe. GDPR applies to any organization operating within the EU, as well as organizations outside of the EU that offer goods or services to customers or businesses in the EU. 

Just before the GDPR went into effect, the new UK Data Protection Act (DPA) was created to replace the 1998 DPA. The DPA is the UK’s implementation of the GDPR and controls how your personal information is used by organizations, businesses or the government

Core concepts of both the UK DPA and the GDPR include: 

• Restrictions on how and why businesses can process personal data 
• Additional protections for Sensitive Personal Data 
• Privacy by design and privacy by default requirements 
• Opt-in consent as a legal basis of processing 

What is the UK Government’s Future Plans for Data Protection? 

The UK Government plans to write the GDPR into UK law as an amended version of the UK DPA. It will apply to controllers and processors based outside of the UK if their processing activities relate to: 

• Offering goods or services to individuals in the UK; or 
• Monitoring the behavior of individuals taking place in the UK 

How Will This Affect Your Company’s Compliance?  

During the transition period, companies must comply with both the GDPR and the UK DPA and stay up to date on ongoing negotiations between the UK and the EU regarding data protection matters. 

For now, users in the United Kingdom will have the same rights as users in the EU, and websites, companies, and organizations that collect or process data of users in the UK will have to comply with the same requirements as those set out by the EU GDPR.

Protecting users in the UK after Brexit requires the same insight, transparency, and control of what happens on your website as before.