Insights & Publications
© 2019 Debevoise & Plimpton LLP
Brexit: What Now for UK Data Protection?
3 August 2016
View Client Update
The future of data protection law in the UK is uncertain following the recent referendum vote in favour of leaving the European Union.
The manner and extent to which EU companies will be able to continue to transfer personal data to the UK (or to the US via the UK) will depend upon the view taken by the European Commission as to whether, post-Brexit, UK law offers protection to personal data that is essentially equivalent to protection in the EU.
Many UK companies will need to comply with the EU’s new General Data Protection Regulation, coming into force in May 2018, even after Brexit. If a UK company after Brexit does business in the EU by offering goods or services, the GDPR will apply to it, without the necessity of an EU establishment which is currently required for EU law to apply, even if the data of EU-located data subjects are processed only on a UK-based server.
Cybersecurity & Data Privacy
Jeffrey P. Cunard
Dr. Thomas Schürrle
View More Authors
Debevoise Lawyers Luke Dembosky and Robert Maddox Named to International Bar Association Cyber and Privacy Leadership Roles
Debevoise & Plimpton Discusses Custody Of Digital Assets
The CLS Blue Sky Blog
EU General Data Protection Regulation: A Primer for Funds and Portfolio Companies
EMPEA Legal & Regulatory Bulletin
Debevoise Partner Luke Dembosky Keynotes International Cyber Risk Management Conference
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review