Brexit: European Commission Position on Protection of Personal Data Until (and After) UK Withdrawal

12/09/2017
Articles

In a position paper of 6 September 2017, the European Commission reveals the minimum requirements for the protection of personal data in the context of the UK’s withdrawal from the EU (the Position Paper). The Position Paper sets out the obligations that will be expected for data which is received or processed by the United Kingdom or by entities in the United Kingdom after the withdrawal date.

As regards the protection of personal data processed before the withdrawal date, the European Commission expects that the provisions of EU data protection law will continue to apply to EU and non-EU citizens’ personal data which comes within the remit of EU law. In particular, the Position Paper stipulates that data subjects should continue to benefit from and enforce the rights granted to them under the General Data Protection Regulation (GDPR). In addition, personal data should not be stored for longer than is necessary and should be erased at the end of that period.

Conversely, for data of data subjects in the UK which are processed by EU institutions before the withdrawal date, the Position Paper clarifies that such data will continue to be protected in accordance with the EU law applicable at the withdrawal date.

Finally, the European Commission states that the Withdrawal Agreement should set out how ongoing investigations and other compliance cooperation between the UK and the EU27 (including the European Data Protection Board) must be completed.

The Position Paper does not address the status of EU-UK data transfers post-Brexit, or the potential requirement and timing of an adequacy finding permitting such transfers under the GDPR.

In addition to data protection considerations, the Position Paper also sets out the European Commission’s minimum requirements with regard to the protection of EU classified information (and national classified information) as well as other restrictions on the use of and access to data and information obtained before the withdrawal date.

A copy of the Position Paper can be found here.

Key contacts

Reshad Forbes

Senior Counsel

T +32 (0)2 647 73 50

E [email protected]
View profile
Thibaut D'hulst

Counsel

T +32 (0)2 647 73 50

E [email protected]
View profile

Related practice areas

Search more insights

- 16/04/2024
- Newsletters
VBB on Belgian Business Law, Volume 2024, No. 3

The March 2024 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition law, data protection, intellectual property and litigation.
Read more
- 28/03/2024
- News
Fundamental Rights Impact Assessment under EU AI Act

On 13 March 2024, the European Parliament adopted the European Union Artificial Intelligence Act (AI Act), one of the first and possibly the most comprehensive regulation of AI in the world.
Read more
- 19/03/2024
- Newsletters
VBB on Belgian Business Law, Volume 2024, No. 2

The February 2024 issue of our Belgian Business Law newsletter reporting on the latest developments in a range of areas, including competition law, data protection, labour law and litigation.
Read more

Insights & news

Brexit: European Commission Position on Protection of Personal Data Until (and After) UK Withdrawal

Key contacts

Reshad Forbes

Thibaut D'hulst

Related practice areas

Related insights

VBB on Belgian Business Law, Volume 2024, No. 3

Fundamental Rights Impact Assessment under EU AI Act

VBB on Belgian Business Law, Volume 2024, No. 2

Insights & news

Brexit: European Commission Position on Protection of Personal Data Until (and After) UK Withdrawal

Key contacts

Reshad Forbes

Thibaut D'hulst

Related practice areas

Related insights

VBB on Belgian Business Law, Volume 2024, No. 3

Fundamental Rights Impact Assessment under EU AI Act

VBB on Belgian Business Law, Volume 2024, No. 2

Subscribe to our updates