In cooperation with Norton Rose Fulbright in Amsterdam, the Netherlands British Chamber of Commerce was pleased to organise the NBCC Brexit forum event over how businesses and other organisations can prepare in order to secure legal transfer of data once the UK exists the EU.
As member of the Board of the Netherlands British Chamber of Commerce, Jorn van der Meer from Heineken gave the opening remarks and welcomed all the participants. Lyne Biewinga, director at NBCC, introduced and moderated the event with a lively Q & A session.
The Deputy Director International Data Unit at the UK Department of Digital, Culture, Media and Sport, Claire Bradshaw gave the keynote speech. She emphasized that as member of the EU, the UK has worked closely with other member states and EU institutions to develop robust protections for personal data, ensuring businesses and law enforcement agencies can share data safely and smoothly. The free flow of data between the UK and the EU is critical in underpinning an ambitious economic relationship and security cooperation, and the UK is committed to high data protection standards. From exit day the GDPR will be retained in UK law so that it continues to be operable in the UK context.
Jurriaan Jansen and Marcus Evans from Norton Rose Fulbright pointed out that if the Withdrawal Agreement was agreed, no data exporting issues would arise during the transition period. If no-deal Brexit or upon termination of the transition period there would be no adequacy agreement, the legal transfer of data could be assured through model clauses or BCRs, making use of GDPR Art 49 derogations or moving sensitive data into EU-based entities.
Maurice Steffin and Sander Geurts representing PwC provided a practical view of the no-deal scenario. Issues such as which data transfer instruments would be applicable to your organisation, what could the relevant (GDPR) derogations be and identifying legal and risk analysis would become necessary to be addressed.
Tim Stok used the example of the Brexit preparedness at RELX to share as a best practice. RELX is a global provider of information-based analytics and decision tools for professional and business customers. For the case of the approval of the Withdrawal Agreement the company has no issues to make provisions for. As regards to the scenario of an extension, RELX will continue to anticipate no-deal. In connection with the latter, the company has been preparing omnibus intra-group data transfer agreements for internal transfers, Standard Contractual Clauses and GDPR Article 49 derogations for external transfers, and in general keeps monitoring developments.