Subscribe and receive news and updates

TICSS newsletter

BREXIT and General Data Protection Regulation (GPDR)

Autor: TIC Salut Social   /  04.02.2020

The United Kingdom voted in favour to leave the European Union in a referendum during the summer of the 2016, only a few months after the entrance in force of the GPDR. Furthermore, during the period until its application, the May 25th of 2018, the UK drafted and approved his own Data Protection Act 2018 (DPA2018) with the same date of application.


The European Retreat Agreement approved on the January 29th of 2020 at the European Parliament includes specific disposals on the treatment of personal data and the flux of information among the United Kingdom and the European Union - EU. Particularly, the articles 70-73 of the Agreement establish that the United Kingdom "has to guarantee a level of protection of personal data essentially adapted to what establishes the legislation of the European Union". To that purpose, enabling an equivalent level of protection of personal data is the only way to be considered adapted for the European Union and to assure the free and transparent flow of personal data. The article 45 of the GPDR establishes that “a transfer of personal data to a third country or to an international organisation when the Commission have decided that the third country (...) guarantees an equal level of protection is permitted”. According to the European Retreat Agreement, this decision of equivalence has to be reached before the December 31st of 2020. If not, the United Kingdom will be classified according to the GPDR as a third country for the European Union.  


Some of the articles adopted in the European Retreat Agreement , according to data protection issues, the UK has adopted “The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 – DPPEC”. This article has two main functions: 1. It creates a new internal legislation known as a general data protection regulation of the United Kingdom. 2. It modifies the valid rule of data protection - the DPA2018. To that purpose, this law is essentially the same text that the GPDR but modifies parts of the text of it and the Union adapting it to the laws of the United Kingdom and of the country.


In conclusion, since the February 1st of 2020, when the United Kingdom has formalised the exit from the EU, the new general regulation of data protection of the United Kingdom enters in force. On the other hand, enters in force a modified version of the DPA2018. The GPDR is still will internally applied in the United Kingdom during the transition period (until the December 31st of 2020) and it is necessary to look forward EC decision of new UK classification before the end of the period of transition.  


  For further information you can contact the Healthcare DPD at the email or visiting the website. Telephone availiable from 9:00 AM to 14:00 PM 93 553 26 42