Brexit and GDPR

The United Kingdom officially left the European Union on January 31, 2020. What about the General Data Protection Regulation (GDPR)? Nominet published a clarifying note (theukdomain.uk, 2020-02-20).

The .UK Registry immediately points out, wisely, that the United Kingdom and the European Union have entered a transitional period which poses the status quo while new negotiations on post-Brexit relations are underway. In the meantime, the GDPR and the Data Protection Act 2018 (the UK law on the protection of personal data which transposed the GDPR into the UK legal order) will continue to apply normally. The transition period should, in principle, extend until December 31, 2020. The Commission clarified as follows:

“During its EU membership, private and public bodies in the United Kingdom received personal data from companies and administrations in other Member States.

The Withdrawal Agreement provides that, after the end of the transition period, the United Kingdom has to continue applying the EU data protection rules to this ‘stock of personal data’, until the Commission has established, by way of a formal, so-called adequacy decision, that the personal data protection regime of the United Kingdom provides data protection safeguards which are “essentially equivalent” to those in the EU.

The formal adequacy decision by the Commission has to be preceded by an assessment of the data protection regime applicable in the United Kingdom. In the case where the adequacy decision was annulled or repealed, the United Kingdom shall ensure that data received will be subject to ‘essentially equivalent’ standard of protection to that under the EU data protection rules” (European Commission, Questions and Answers on the United Kingdom’s withdrawal from the European Union on 31 January 2020, 2020-01-24).

No official information is provided as to the possible duration of the evaluation procedure.

According to Nominet, the provisions of the GDPR are transposed into British law and should not be repealed. In any event, since the United Kingdom is now a third country, companies must necessarily comply with the provisions relating to cross-border transfers of personal data.

About IP Twins

IP Twins is an ICANN-accredited domain name registrar with 15 years of experience in domain name strategy and management. We represent trademark holders in UDRP proceedings.

We deliver security certificates tailored to your needs in order to ensure the safety of visitors to your website.

IP Twins also offers anti-counterfeiting and anti-cybersquatting monitoring services. Detective, our monitoring software, identifies online counterfeits and cybersquatting. We collect evidence and remove references to counterfeits from hundreds of marketplaces, social networks and the web in general.

Should you need to complete these investigations, our team based in China can help.

Do not hesitate to contact us at info@iptwins.com.