Insights & news

Brexit: European Commission Position on Protection of Personal Data Until (and After) UK Withdrawal

  • 12/09/2017
  • Articles

In a position paper of 6 September 2017, the European Commission reveals the minimum requirements for the protection of personal data in the context of the UK’s withdrawal from the EU (the Position Paper). The Position Paper sets out the obligations that will be expected for data which is received or processed by the United Kingdom or by entities in the United Kingdom after the withdrawal date.  

As regards the protection of personal data processed before the withdrawal date, the European Commission expects that the provisions of EU data protection law will continue to apply to EU and non-EU citizens’ personal data which comes within the remit of EU law. In particular, the Position Paper stipulates that data subjects should continue to benefit from and enforce the rights granted to them under the General Data Protection Regulation (GDPR). In addition, personal data should not be stored for longer than is necessary and should be erased at the end of that period.

Conversely, for data of data subjects in the UK which are processed by EU institutions before the withdrawal date, the Position Paper clarifies that such data will continue to be protected in accordance with the EU law applicable at the withdrawal date.

Finally, the European Commission states that the Withdrawal Agreement should set out how ongoing investigations and other compliance cooperation between the UK and the EU27 (including the European Data Protection Board) must be completed.

The Position Paper does not address the status of EU-UK data transfers post-Brexit, or the potential requirement and timing of an adequacy finding permitting such transfers under the GDPR.

In addition to data protection considerations, the Position Paper also sets out the European Commission’s minimum requirements with regard to the protection of EU classified information (and national classified information) as well as other restrictions on the use of and access to data and information obtained before the withdrawal date.

A copy of the Position Paper can be found here.

Key contacts

Related insights

Sign up for updates
    • 01/11/2018
    • Newsletters

    VBB on Belgian Business Law, Volume 2018, No. 10

    The October 2018 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law.

    Read more
    • 22/10/2018
    • Newsletters

    VBB on Belgian Business Law, Volume 2018, No. 09

    The September 2018 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law.

    Read more
    • 05/09/2018
    • Articles

    Implementation of GDPR in Belgium | New Data Protection Law

    Data Protection | Today, on 5 September 2018, the new Belgian Data Protection Law, which brings Belgian national law in line with the General Data Protection Regulation, was published in the Belgian Official Journal. The new Belgian Data Protection Law immediately enters into force with this publication. In the enclosed memorandum, we discuss the most important highlights of the new Belgian Data Protection Law for companies within the private sector.

    Read more

Subscribe to our updates

Please select the practice areas you are interested in: *