Insights & Publications
© 2018 Debevoise & Plimpton LLP
Brexit: What Now for UK Data Protection?
3 August 2016
View Client Update
The future of data protection law in the UK is uncertain following the recent referendum vote in favour of leaving the European Union.
The manner and extent to which EU companies will be able to continue to transfer personal data to the UK (or to the US via the UK) will depend upon the view taken by the European Commission as to whether, post-Brexit, UK law offers protection to personal data that is essentially equivalent to protection in the EU.
Many UK companies will need to comply with the EU’s new General Data Protection Regulation, coming into force in May 2018, even after Brexit. If a UK company after Brexit does business in the EU by offering goods or services, the GDPR will apply to it, without the necessity of an EU establishment which is currently required for EU law to apply, even if the data of EU-located data subjects are processed only on a UK-based server.
Cybersecurity & Data Privacy
Jeffrey P. Cunard
Dr. Thomas Schürrle
View More Authors
Debevoise Partner Luke Dembosky Keynotes International Cyber Risk Management Conference
Medical Device Cybersecurity Report Advancing Coordinated Vulnerability Disclosure
The EU and Japan Announce Data Protection Deal
Risk Management Association website
Debevoise Partner Luke Dembosky Addresses Data Security and Active Response at the 9/11 Memorial & Museum Summit on Security
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review