Data protection & Brexit

Oct. 28th, 2020 09:14 pm
pseudomonas: Ostrakon against Themistocles. (ostrakon)
[personal profile] pseudomonas
If the UK and EU stop respecting each other as being regimes that automatically have appropriate data protection measures, are there any special-cases that kick in for the NI/ROI case to ensure that companies on one side of the border can continue to process the data of their clients on the other side?
Flat | Top-Level Comments Only

Date: 2020-10-28 08:28 pm (UTC)
hilarita: stoat hiding under a log (Default)
From: [personal profile] hilarita
Not that I've heard of. Well, that could be a fun new cockup for later in the year...

Date: 2020-10-28 10:46 pm (UTC)
emperor: (Default)
From: [personal profile] emperor
NAFAIAA.

Date: 2020-10-29 07:45 am (UTC)
djm4: (Default)
From: [personal profile] djm4
I'm not a lawyer, although I am a DPO with a reasonable knowledge of data protection law. There is nothing to directly prohibit companies from countries without an adequacy agreement from processing the data of EU residents, but they do need to demonstrate that they have appropriate legal protections in place. There are other complications if the company is based entirely outside the EU. But it's not impossible and in the case of the NI/ROI border, I suspect that anyone currently complying with GDPR will need to do minimal work to continue to be fine after a hard Brexit.

We are in 'no-one knows for sure' territory, though.

Date: 2020-10-31 12:14 pm (UTC)
hairyears: Spilosoma viginica caterpillar: luxuriant white hair and a 'Dougal' face with antennae. Small, hairy, and venomous (Default)
From: [personal profile] hairyears
The answer to your question is: No.

No explicit arrangement or agreement has been made at the level of Government-to-Government negotiation and the legal certainty of signed and ratufied treaties.

But, as [personal profile] djm4 has pointed out, mechanisms *do* exist for constructing the necessary legal and technical safeguards, so that these data transfers can take place.

However, everyone with a cross-border data flow has to actually do it - get the necessary legal advice, set up the systems, get their counterparties onboard with their own reciprocal safeguards...

And get their insurers to sign off too, for the larger companies. And, indeed, the smaller ones, whose banking covenants oblige them to be insured against legal risks and business interruption.

I *think* the retail banks have got this sorted, but it's all a very long way from the bit of the financial sector I work in; and I can't talk about the specific steps that my current client has taken, other than to say they have indeed taken steps.

I think that the larger players have sorted this out, as far as it can be sorted; which means that it will probably not be un-sorted and halted by the first significant court case and the first major breach of European data protection law.

I know, also, that a lot of 'London' bankers and support staff are on Dublin or Paris-based contracts, as are the 'London' commercial relationships that we service: 'London' is is smaller than it looks and what you see - or thought you saw when you looked at much of the service sector and IT industry - is already outside the UK.

Whether that turns out to be legally-robust, during and after the second, third and and fourth fiascos, is another question.


Edited (SPELLING) Date: 2020-10-31 12:21 pm (UTC)
Flat | Top-Level Comments Only

Profile

pseudomonas: per bend sinister azure and or a chameleon counterchanged (Default)
pseudomonas

November 2024

S M T W T F S
     12
34567 89
10111213141516
17181920212223
24252627282930

Most Popular Tags

Page Summary

Active Entries

Expand Cut Tags

No cut tags
Page generated Feb. 11th, 2026 01:10 pm
Powered by Dreamwidth Studios

Style Credit