One of the key issues when the UK leaves the EU is how to deal with the transfer of personal data across borders from the EEA to the UK and vice-versa. Those who are familiar with data protection rules will be aware that the current legislative regime prohibits most transfers of personal data outside the EEA unless to a country which can demonstrate “adequacy” to protect the rights and freedoms of individuals. The UK Government has announced it will implement the EU General Data Protection Regulation (GDPR) as part of its goal to ensure unhindered and uninterrupted data flows between the UK and the EU post-Brexit.
The Minister of State for Digital and Culture, Matt Hancock, has said to the EU Home Affairs Sub-Committee that the UK will match EU law in order to maximise the ease with which the UK can negotiate unhindered data flows. However, he would not say whether the UK would seek an adequacy decision or try to achieve this by other means.
Mr Hancock confirmed that parts of the Data Protection Act 1998 will be repealed in order to bring it in line with the GDPR and that the government will bring forward legislation in the next parliamentary session.