Transfers of Personal Data from Ireland to the UK in the event of a ‘No-Deal’ Brexit
Brexit, particularly in the context of a ‘No Deal’ scenario, may have an impact on the data protection obligations of Irish entities which transfer personal data to the UK (including Northern Ireland).
In a ‘No Deal’ Brexit scenario, the UK will no longer be a member of the EU; instead, it will become a ‘third country’ (see Chapter 5 GDPR for more information on transfers of personal data to third countries). This means that the transfer of personal data from Ireland to the UK will be treated in the same way as transfers of personal data to countries like Australia, India, or Brazil. Therefore, in order to comply with the rules of the General Data Protection Regulation (GDPR), an Irish company intending to transfer personal data to the UK will need to put in place specific safeguards.
Standard Contractual Clauses (SCCs) (see Article 46 GDPR) are one such measure for ensuring the protection of personal data transferred from Ireland to the UK. The SCCs consist of standard or template sets of contractual terms and conditions. Each of the parties to the contract gives contractually binding commitments to protect personal data in the context of its transfer from Ireland to the UK in the event of a ‘No-Deal’ Brexit.
Our guidance note on Transfers of Personal Data from Ireland to the UK in the Event of a 'No-Deal' Brexit contains guidance on SCCs and a non-exhaustive list of ways your organisation might already be transferring data to a UK-based company.