Andrew Kimble and Malcolm Dowden look at the impact of Brexit on information law and provide a case law update.
As well as providing for free trade in goods the EU-UK Brexit deal approved on 30 December brought some welcome clarity to the treatment of personal data now that UK GDPR is a wholly separate legal regime from EU GDPR.
In this session (recorded on 12 January 2021) we explored the practical implications of:
- The "grace period" of up to six months allowing transfers of personal data from the EU/EEA to UK.
- EU approval of new Standard Contract Clauses and the need for "additional measures" following the Schrems II ruling.
- Overseas' organisations' need for separate Article 27 representatives for EU/EEA and UK.
- Data subject rights and breach response under UK GDPR and GDPR. Is there a risk of double enforcement?
About the speakers
Andrew is a partner at Womble Dickinson specialising in all aspects of data protection and privacy work including data protection audits, data security incidents, cross-border data transfers, outsourcing arrangements, subject access requests, direct marketing and general data protection and freedom of information compliance.
Malcolm is a commercial and regulatory lawyer at Womble Dickinson with extensive experience of contractual regulatory and legislative drafting in the UK and other common law jurisdictions.