Handling employee data in the event of a no-deal Brexit – are you prepared?
The Department for Business, Energy and Industrial Strategy (BEIS) has published guidance on the transfer of personal data between the EU and the UK after Brexit, which would include the use of employee personal data. The guidance explains how Brexit will affect UK businesses both in the event of a deal and if there is no deal.
If there is a deal, BEIS explains that there will be no immediate change to the UK’s data protection standards. During the implementation period, personal data (including employee personal data) could continue to be transferred from the UK to the EU and vice versa. The EU would then assess the UK and make an “adequacy decision” (to ensure the UK has appropriate standards and safeguards in place under GDPR), to be in place by the end of the implementation period.
If there is no deal, UK businesses will be able to continue sending employee personal data to the EU, but companies will need to make changes in respect of employee data being transferred from the EU into the UK (for example if the company is UK-headquartered and employee remuneration data across Europe is shared with the UK parent company). In such circumstances, companies need to ensure there is a safeguard or derogation in place to allow the transfer. BEIS does not expect an “adequacy decision” to have been made by the EU by exit day in March 2019.
To prepare for a no deal scenario, BEIS recommends following the Information Commissioner’s six-step guidance and you may also find this blog useful. If you require assistance with any of the issues raised, please don’t hesitate to contact one of the team.