Brexit - Data Protection & IP
Critical issues for businesses to consider:
- International Data Transfers: Once the UK leaves the EU and in the absence of a adequacy decision, it will no longer be possible to freely transfer personal data from EU member states to the UK, as it will be considered to be a ‘third country’ for data protection purposes. Businesses firstly need to establish what data sharing/processing activities involve transfers of personal data to the UK and, secondly, how these transfers can continue to be made legally post-Brexit.
- Data Transfer Safeguards: Some of the data transfer mechanisms which may need to be utilised for transfers of personal data to the UK post-Brexit include the Standard Contractual Clauses (having regard to qualifications in the recent Schrems decision), Binding Corporate Rules, and specific derogations under GDPR such as explicit consent of data subjects etc. Businesses need to consider which of these safeguards they can potentially rely upon for the continued operation of their business operations, and how to implement this in practice.
- Contractual Updates: The data protection elements of all commercial contracts will need to be considered and may need to be updated to reflect the fact that the UK will no longer be part of the EU, and to include necessary data transfer provisions.
- Governing Law and Jurisdiction: Issues in respect of appropriate governing law and jurisdiction should be considered in respect of any contracts dealing with data protection and/or IP issues.
- IP Registrations: Businesses should consider whether any of their current IP registrations (e.g. trademark/patent registrations) should be moved to Ireland or to an EU-wide registration to ensure continued protection once the UK leaves the EU.