GDPR requests from the UK after Brexit?

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,067
We only process GDPR requests from the EU on my sites, because we are in the EU and therefore have to comply with such. Now that the UK has left the EU, I wonder how this affects the rights of UK members to request complete erasure of all data. As the UK has implemented the GDPR, where does this leave the UK after Brexit?
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,741
I can only post as a UK citizen dealing with GDPR from within the UK.

In short EU GDPR no longer applies in the UK. However the UK's Data Protection Act 2018 has already enacted the EU GDPR’s requirements into UK law and subsequently merged it with The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 now known as UK GDPR.

Just to be clear, while EU GDPR is not applicable to UK organizations operating solely within the UK, UK organizations offering goods or services to EU residents now have to comply with both sets of regulations.

I'm not qualified to say if it's the same if you are operating within the EU, and the usual disclaimers apply to the above, but I'm confident it's accurate at the time of posting :)
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,067
Interesting. So the UK is now listed & treated as a third country by the EU. Which seems to mean that there is no obligation flowing from the EU GDPR to comply with UK requests. Nonetheless there is an obligation flowing from the UK GDPR to comply with UK requests. The question I wonder is how can the UK enforce their GDPR outside of the UK. They probably can fine website owners and entities outside of the UK. But if so, can they do anything about the fine not getting paid? If not then it's a paper tiger.

And conversely: how is the EU going to enforce the EU GDPR to UK or US entities? Is any organization in the UK going to collect fines for the EU?
 

Dubbed Navigator

Adherent
Joined
Jul 22, 2014
Messages
388
A dickie bird did tell me that all EU laws were copied to (UK) law at the point we left the EU. We could then work on our own from that basis.
Working from that, we would still be the same until we decided otherwise.

That dickie bird may be talking out of its ass, mind.
 

Pete

Flavours of Forums Forever
Joined
Sep 9, 2013
Messages
2,113
The GDPR was always likely to be a paper tiger outside the EU.

Yes, EU laws were broadly transposed as is to UK law with a view to having a bonfire afterwards. This is one of the cases where we already had our own specific version that is just being updated with new wording.

I suspect the ICO will make some attempt on the EU’s behalf to handle things - after all, anyone falling foul of the EU GDPR probably falls foul on the UK front too and they’ll probably try to share the fines (if any), because the intent was always that the different enforcement bodies would work together anyway. The reality... not quite so much.
 

Dubbed Navigator

Adherent
Joined
Jul 22, 2014
Messages
388
The UK certainly seems to be on the more aggressive side of things nowadays with the relationship, so I wouldn’t bank on different enforcement bodies working together especially well at all.
 

Pete

Flavours of Forums Forever
Joined
Sep 9, 2013
Messages
2,113
The UK is like a dog that got itself stuck in the railings of a fence and is barking about it. At some point it’ll figure out it needs help to resolve its situation.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,700
What the UK and EU can do when companies do not follow GDPR is to get an order that the company in question can’t send or receive any money in the EU or UK (this can be done worldwide). Also, for the UK and EU, you need to read the full document between them to see how it's handled; it can be that they can prosecute and that either assists in the ruling.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,741
Regarding the finer points; as far as I am aware UK organisations are currently operating within the confines of the 2020 trade and cooperation agreement. The European Commission has published a draft of 'UK adequacy decisions' which if adopted will allow for continued free flow of personal data from the EU into the UK. The EU are currently formulating a response to the ICO's response to that draft.

The last time I looked the UK's ICO had little or no guidance on many aspects of the situation as it stands which is understandable when everything is in draft form, still to be agreed.
 