• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Department of Commerce Issues FAQs on UK’s Exit from the EU

January 2, 2019 By Nameir Abbas

The Department of Commerce recently issued a number of FAQs on the effect of the UK’s impending exit from the EU on the Privacy Shield. As these FAQs make clear, there remains significant uncertainty as to how the UK’s exit will play out from a transitional perspective, and Privacy Shield participants will need to plan for at least two different scenarios.

In the first scenario, the UK and the EU manage to finalize an agreement on a transitional period – from the planned date of the UK’s exit, March 30, 2019, to December 31, 2020 – during which EU law (and EU data protection law) will continue to apply in the UK. In the second scenario, the UK and the EU do not agree to a transitional period, and the UK’s exit from the EU takes full effect on March 29, 2019.

At the end of the transitional period, or by March 29, 2019 if there is no transitional period, the FAQs explain that participants will need to take the following steps in order to receive personal data from the UK in reliance on the Privacy Shield, after which they “will be understood to have committed to cooperate and comply with the UK Information Commissioner’s Office” with respect to such data:

  • Update their “public commitment to comply with the Privacy Shield to include the UK.” If participants receive HR data in reliance on the Privacy Shield, they must also update their HR privacy policies. The FAQs include model language for such updates that builds on the Department of Commerce’s existing language on participation in the Privacy Shield.
  • Continue to maintain a current certification, and recertify annually as required by the Privacy Shield.

Filed Under: GDPR, Privacy Shield Tagged With: EU Data Protection

About Nameir Abbas

Nameir Abbas is an associate on Alston & Bird’s Privacy & Data Security and Cybersecurity Preparedness & Response teams.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • European Commission Adopts Draft UK Adequacy Decision
  • NYDFS Issues Best Practices for Cyber Insurance Risk Management
  • Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services
  • Virginia Ready to Pass First State Privacy Statute after CCPA
  • The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.