We use cookies to help enhance your experience and improve the functionality of our website.
For more details and help to manage your cookie options read our Privacy & Cookies information.

What does a BREXIT Deal or No Deal mean for your data?

What does a BREXIT Deal or No Deal mean for your data?

by Zach Thornton | External Affairs Manager, DMA Group |
The Government has pledged that they would not prevent data from being sent from the UK to the EU. The problem is that under the GDPR an EU based organisation cannot transfer personal data to an organisation based in a non-EU country, unless special safeguards are in place to protect the data, in the same way as it would be under the GDPR. Click here to read the DMA artcicle. 

Four potential solutions:

1. Adequacy decision

The European Commission can make a determination that a country outside the EU has equivalent data protection standards to the GDPR and that individuals have equivalent protection and rights. The European Commission has given adequacy status currently to a number of countries. However, the EU has stated that it will not consider an application from the UK for data protection adequacy status until the UK leaves the EU at the end of March 2019. 

2: Standard contractual clauses

The EU Commission allows data to be transferred internationally if an organisation puts in place standard contractual clauses. The Commission has outlined what needs to be included in a contract in order for the data transfer to be valid. Many organisations already use standard contractual clauses, also known as model contractual clauses, to transfer data outside the EU. 

3: Binding corporate rules

This is for international data transfers within a corporate company. Abiding by binding corporate rules allows a global company to transfer data across its various brands across national borders. In essence, it is equivalent to adhering to a code of conduct, as all parts of the organisation agree to uphold strong data protection safeguards, therefore, facilitating the flow of data. 

4. Certified codes of conduct

The GDPR allows international transfers to take place if an organisation abides by a certified code of conduct. The DMA Code, for example, could become a certified code of conduct, meaning it would need to follow certain requirements contained in GDPR and be approved by the European Data Protection Board. The EDPB are the supreme data protection authority in the EU.

Click here to find out more about the IDM/DMA legal update

Click here to find out about our GDPR course portfolio
Blog post currently doesn't have any comments.
My campaigns should never bomb again - but if they do I'll know what to do to address it

Anne Byrom M IDM, Award EM, Dip IDM,
The Co-Operative Group

Train Your Teams

Upskill your teams marketing capabilities with a tailored IDM training plan that suits your business

Enhance your career with the IDM

Your training partner in filling digital and direct marketing skills gaps, setting you apart as a doer

share on