If we have learned anything from Brexit it is that nothing is certain – at least not for very long. For those of us who were struggling to keep up with the various implications regarding data privacy, cross border data transfers, and GDPR in general under a “no-deal” Brexit it seemed we can breathe a little more easily – at least until December 31, 2020.
The good news is that even though the withdrawal agreement isn’t finalized, it comes complete with a transition period that effectively means most pre-Brexit rules and laws are still in place. Sure, the UK is no longer officially a member of the EU, but it still needs to act like it is, and the EU member states need to treat it accordingly. For GDPR purposes, the UK and the EU are still friends who agree to play nicely in the same sandbox. For those of us that transfer data between the UK and EU it will be business as usual and we will continue to follow our existing GDPR procedures for data transfer and storage.
Of course, all this may all change by the next deadline on December 31st, at which time the transition grace period will end, and the negative consequences of a no-deal scenario will once again resurface. Having been through the no-deal grinder a few times I am not a fan of that outcome but at least, the repeated fire-drills have helped us to understand what we need to do in case the hoped-for trade agreements and other arrangements can’t be signed by the end of the year. In short, we will need to dust off our standard contractual clauses, binding corporate rules or other sanctioned legal controls we can muster.
It is hard to imagine that it could come to that, but I plan to set my Brexit alarm clock for October just in case.