Tag Archives: Brexit

Stop All the Clocks (with apologies to WH Auden)

The weekend papers informed us that many of the Brexit Countdown clocks installed in Number 10 and elsewhere across Whitehall have been turned off.  The countdown clocks initiated by the Prime Minister’s most senior adviser, Dominic Cummings, were designed to underline the Government’s firm resolve to leave the EU by 31st October. Deal or No Deal.

If the reports are to be taken be at face value Civil Servants were finding the inexorable countdown “stressful”.   You can see their point.  Much remains to be done to secure a leaving deal – especially on newly negotiated terms. This will not be a relaxing experience while a clock counts down in the corner of your computer screen. Added to which all Civil Service leave has been cancelled until after Brexit day.     

Last week in this blog we outlined the very limited time available to Parliament to put in place legislation ahead of the 31st October deadline.  This week’s announcement of the prorogation of Parliament and a Queen’s Speech while in line with Parliamentary convention narrows the timeframe further.  With limited time available the probability of “No Deal” – a major part of the Government’s negotiation strategy – has increased. 

New Developments on Implication of No Deal for Employers & Employees

As the prospect of a “No Deal” Brexit increases inevitably uncertainty for business will rise.   One of the issues that has risen up the business agenda is the status of EU nationals in the work force.   You could say the countdown clocks are running for UK business especially those employing EU citizens.

Under the Theresa May plan free movement of EU citizens would have continued during the transition period until 31 December 2020. The new Home Secretary, Priti Patel has stated that in a ‘No Deal’ Brexit free movement would come to an end on 31st October 2019. Newspaper reports state that the Home Office said: “Freedom of movement as it currently stands will end on October 31”.

Employee “Settled Status” – Those EU citizens already working in the UK on Brexit day will be able to stay and apply for settled status – provided they have 5 years residency. Those with less than 5 years residency will be given a grace period with residency on a temporary basis until they reach the five-year mark and qualify to apply for settled status.  Employers should be actively making their EU employees aware of these requirements. 

While employers are not currently required to perform such document checks on their EU workers this should not be ruled out in the future. As well as assisting employees with negotiating the settled status process it would be prudent for employers to check the status of their EU workers.

Implications for HR Personal Data Protection

Employers must:

  • demonstrate transparency in their privacy notices about the collection of personal data for verification purpose;
  • ensure that they have the organisational and technical security measures including policies and procedures for processing HR related personal data and where applicable special category data;
  • ensure that they include all categories of employee personal data in their personal data mapping/records of personal data processing.

If you have any questions or concerns about how Brexit will affect your business, in HR or any other area, please call 01787 277742 or email teambrexit@datacompliant.co.uk

    

Countdown to Brexit… 69 days to go

The new Parliamentary session starts on 3rd September. Inevitably the session will be, once again, dominated by Brexit. With so little time between the start of the session and the Brexit deadline of Hallowe’en (31st October) there will be little Parliamentary time given over to any issues other than the terms of the UK’s exit from the EU. Parliamentary time is limited further by the Party Conference season with a further recess between 14th September and 9th October.

The Conservative Party Conference runs from 29th September to 2nd October in Manchester.  Members of Cabinet will be expected to attend and no doubt their speeches from the platform and on the fringe will be scrutinised for new policy initiatives and especially the direction of policy post Brexit. 

Over the summer the political agenda was dominated by possibility of a “No Deal” Brexit with MPs from all parties floating a variety plans for how such an eventuality could be prevented. Prime Minister Johnson has been resolute in his belief that the No Deal option cannot be removed from the table.     

Data Protection Implications

The new Prime Minister wasted no time in assembling his new Cabinet, making his intentions very clear by appointing, with few exceptions, long-standing Brexit supporters. Notable among the exceptions were the appointment of Amber Rudd to the Work & Pensions brief she has held since November 2018 and Nicky Morgan who assumes a Cabinet role as Secretary of State for Digital, Culture, Media and Sport. This is of particular interest because the brief includes Data Protection regulation and writing the “UK GDPR” into UK law.

When the UK exits the EU, as is planned, the EU GDPR will no longer be  applicable in the UK (although the Data Protection Act 2018 which references the GPDR will still apply). The UK government intends to write the GDPR into UK law, with changes to tailor it for the UK.The government has already published the – ‘Keeling Schedule’ for the GDPR, which shows the planned amendments. It can be found here http://bit.ly/2Nsy9sw 

The amendments primarily relate to references to the European Parliament, EU Member States, and the EU Commission.

What Next?

Deal or No Deal on the exit date, the UK will become a ‘third country’ (to use the jargon).  It has been suggested that there will be a period of at least 2 years of negotiations to finalise the full terms of the divorce arrangements.  During this time the UK Government will continue to allow transfers to the EU.  This will be kept under review by the new Secretary of State.  Watch this space!

Gareth Evans 23.08.2019

EU & UK Data Protection Post Brexit

Leave a reply

GDPR is a key component of the Government’s data protection paper released yesterday, relating to how a partnership between the UK and the EU could be structured in relation to the ‘exchange and protection’ of personal data post Brexit.

Regardless of Brexit, the UK intends to continue to play a leading global role in promoting data protection standards, and plans to work side by side with the EU and other global partners to protect:

  • individuals’ rights to privacy and control over their own data
  • the ability of individuals, companies and other organisations to share data to create services valued by consumers
  • the ability of law enforcement bodies to protect citizens from crime and terrorism

The government paper restates that the UK’s new Data Protection Bill (definitely needed – current legislation is now some 20 years old) will include not only the EU’s General Data Protection Regulation (GDPR), but also the Data Protection Directive (DPD) which relates to personal data being processed for law enforcement purposes.

This means that, when we leave the EU, both its and our own UK data protection law will be aligned.   This is important because it provides the UK with a sound base from which to achieve “adequacy status” to avoid the detrimental economic impact of any disruption in cross-border data flows.

What is Adequacy Status?

Adequacy

It is likely that the UK will require adequacy status in order for data to flow freely between UK and EEA

Each EEA country is allowed to transfer personal data freely, because all states have to comply with GDPR.

For countries that are not members of the EEA (and it is likely that the UK will fall into this category post-Brexit), the EU Commission may decide that a country’s data protection framework is “adequate”.  In these cases, data may also flow freely between EEA members and “adequate” third party countries – for example, Switzerland, Isle of Man, New Zealand.

Adequacy is probably the simplest method of achieving the free flow of data between the EU and UK post Brexit.  Other methods are available, but they are significantly more onerous in time, paperwork and cost for organisations.

How to achieve Adequacy Status

Any third country (eg UK) can request that the Commission considers them for an adequacy decision.  The Commission may then, if it wishes, assess the nature of that country’s data protection rules, enforcement, supervision and practices to satisfy themselves that they are sufficient to provide an adequate level of protection – ie “essentially equivalent” to those applied in the EU.

In order to achieve adequacy post Brexit, the UK will need to be compliant, not only with EU data protection law, but also with wider global data protection standards.  As the UK’s data protection law fully implements the EU’s GDPR and DPD, the government hopes “to agree, early in the process, to mutually recognise each other’s data protection frameworks as a basis for the continue free flows of data between the EU (and other EU adequate countries) and the UK from the point of exit”.

  • GDPR will, in any case, continue to apply to any UK businesses offering goods or services to individuals within the EEA.
  • The UK intends to remain a safe destination for personal data with some of the strongest data protection standards in the world
  • The ICO may continue to play an active role in promoting understanding of the regulatory challenges faced both by organisations and individuals; being involved in future EU regulatory discussion;  and sharing its expertise with other EU Data Protection Authorities.

It’s worth noting that the Government paper makes it quite plain that both sides will benefit from such an arrangement.  The paper suggests that (based on various reports) around 43% of all large EU digital companies are started in the UK, and that 75% of the UK’s cross-border data flows are with EU countries.  The implication is that any disruption in cross-border data flows could harm the economies of both parties.

Clearly building a new relationship is a key element of the Brexit negotiations.  And adequacy is a vital part of that relationship.

Victoria Tuffill    25th August, 2017

Data Compliant advises on GDPR compliance. If you’d like more informaiton, please call 01787 277742 or email dc@datacompliant.co.uk