The Government has pledged that they would not prevent data from being sent from the UK to the EU. The problem is that under the GDPR an EU based organisation cannot transfer personal data to an organisation based in a non-EU country, unless special safeguards are in place to protect the data, in the same way as it would be under the GDPR. Click here to read the DMA article.
Four potential solutions:
1. Adequacy decision
The European Commission can determine that a country outside the EU has equivalent data protection standards to the GDPR and that individuals have equivalent protection and rights. The European Commission has given adequacy status currently to some countries. However, the EU has stated that it will not consider an application from the UK for data protection adequacy status until the UK leaves the EU at the end of March 2019.
2: Standard contractual clauses
The EU Commission allows data to be transferred internationally if an organisation puts in place standard contractual clauses. The Commission has outlined what needs to be included in a contract in order for the data transfer to be valid. Many organisations already use standard contractual clauses, also known as model contractual clauses, to transfer data outside the EU.
3: Binding corporate rules
This is for international data transfers within a corporate company. Abiding by binding corporate rules allows a global company to transfer data across its various brands across national borders. In essence, it is equivalent to adhering to a code of conduct, as all parts of the organisation agree to uphold strong data protection safeguards, therefore, facilitating the flow of data.
4. Certified codes of conduct
The GDPR allows international transfers to take place if an organisation abides by a certified code of conduct. The DMA Code, for example, could become a certified code of conduct, meaning it would need to follow certain requirements contained in GDPR and be approved by the European Data Protection Board. The EDPB are the supreme data protection authority in the EU.
If you would like to learn more about GDPR, consider the IDM Award in GDPR.
Did you find this blog useful?
At the IDM we are passionate about educating marketers and providing resources to help advance your career.
Our learning and development team will be happy to advise based on your needs and requirements.