GDPR vs. BREXIT
On May 25, 2018 the European Union, after its approval in Parliament and its European Council, came into force the General Data Protection Regulation (GDPR), in order to unify the regulations of all the Member States on the matter. Faced with this new regulation, which affects both, citizens and European companies, the complex exit of the United Kingdom from the Union, for which a new date has been set for October 31st* of this year, is one of the biggest concerns for the community companies that operate in the Anglo-Saxon country.
Faced with this situation, different hypotheses are presented taking into account whether the English House of Commons decides to leave the EU with an agreement, also known as the “Soft Brexit”, or without agreement, giving way to a Hard Brexit”.
In the event that the exit situation happens within an agreement, or the so-called “Soft Brexit”, the GDPR will continue to be applicable during the transition period set by the aforementioned agreement, creating a period of transposition of laws as a result. From that date, the United Kingdom would have until December 31st, 2021 to sign new treaties with the European Union, including those related to data protection.
On the other hand, if no exit agreement is reached, it would lead to what is known as “Hard Brexit”, whereby the UK’s relationship with the EU would be similar to that maintain with the United States, where “safe harbor” agreements are required as well as the compliance with another series of requirements to allow the acquisition and handling of data of European citizens and companies. In other words, a legal vacuum would be created for all European companies that currently operate with data in the United Kingdom for a period of time, until the signing of new agreements on the subject.
Therefore, taking into account the present scenario and the continuous postponement of the famous Brexit, during the current year, it is certain that the departure of the United Kingdom from the EU will not be calm and peaceful, affecting different aspects of the community system, such as the protection and control in the exchange of data. Thus, the most advisable for companies that handle European data is to comply with both the GDPR and the previous regulations, the Organic Law of Protection of Personal Data (LOPD), to avoid any type of conflict during this transition.
* After the postponement of Brexit for 04/12/2019, the departure from Great Britain is delayed until 10/31/19, in order to offer six months extra time to reach an agreement that allows an orderly departure.