- Brexit developments in the UK affect IT companies and private sector data processing.
- Boris Johnson plans own regulations for GDPR after Brexit.
- From next year, the flow of data between the EU and the UK could be restricted.
- IT companies should take precautions to avoid problems during data transfer.
- The EU Commission must review the level of protection for data transfers.
- Early technical and contractual measures may be necessary.
- Further information will be provided as soon as it is available.
An important announcement is currently coming from the UK in the wake of Brexit. While much that will (or will not) happen this year is unclear, a potential change starting next year could be relevant for many IT companies.
Boris Johnson, currently still the British Prime Minister, has announced that the country intends to go its own way in future when it comes to the GDPR, i.e. European data protection, even if it wants to continue to maintain high standards.
Johnson is also breaking away from his predecessor Theresa May, who wanted to convert the GDPR into national British law on an equal footing after Brexit. See also this almost exactly one year old article.
This could be problematic for IT companies such as game developers, which may no longer be allowed to transfer data from the EU to the UK after this deadline, for example if they have their headquarters or a branch there. The same then applies to game developers and a British publisher.
The GDPR only permits the free exchange of data with third countries if a comparable level of protection exists there. This must be examined and officially confirmed by the EU Commission in an adequacy procedure. Whether this will be the case can hardly be reliably assessed at present, which is why providers who could be affected by this problem should take technical and contractual precautions as early as possible.
As soon as more is known about this topic, you will be able to read it here. Of course I am also available for clients for further inquiries.
