Logo

Isle Of Man +44 (0)1624 690300

Connect with us

  • Email
  • LinkedIn
  • Twitter

  • Home
  • About Us
    • Corporate Social Responsibility
    • The Isle of Man
  • Practice Areas
    • Banking and Finance
      • Drafting of Security Documents
      • Legal Opinions
      • Undertaking of Security Reviews
    • Corporate and Commercial
      • The Alternative Investment Market
      • Aviation
      • Collective Investment Schemes or Mutual Funds
      • Company Law
      • eGaming
      • Employment
      • Insurance
      • Intellectual Property
      • Mergers and Acquisitions
      • Pensions
      • Planning
      • Property – Commercial
      • Regulatory & Compliance
      • Restructuring and Insolvency
      • Shipping
      • Trusts
    • Dispute Resolution
      • Alternative Dispute Resolution
      • Asset Recovery
      • Civil Litigation
      • Commercial Litigation
      • Employment
      • Debt Recovery
      • Family Law
      • Mediation
      • Personal Injury
      • Regulatory & Compliance
      • Restructuring and Insolvency
      • Trust Disputes
    • Juristrust
    • Notarial Services
    • Private Client
      • Administration of Estates
      • Family Law
      • Immigration
      • Planning
      • Powers of Attorney
      • Probate
      • Property – Residential
      • Trusts
      • Wills
  • Our Team
  • Insights
  • News
  • Careers
    • Working at Simcocks
    • Investing in the Future
    • Vacancies
    • Relocating to the Isle of Man
  • Contact Us
  • Get an Instant Conveyancing Quote

Practical Implications of Brexit – Data Protection

March 12, 2019 By lcreighton316

12 March 2019Brexit

Both the Island’s Information Commissioner and the UK’s Information Commissioner’s Office have put in considerable work in preparing for Brexit and their respective websites contain a lot of useful information.

The starting point is the EU Commission’s Notice of January 2018 pointing out that following Brexit the UK will be a third country and will no longer benefit from the freedom to transfer data within EU and EEA member states.

Of course the UK provides legislative and administrative resources at least comparable to those of EU and EEA member states. It can be expected, therefore, that the UK will in due course benefit from an “adequacy decision” of the EU Commission which will facilitate the transfer of personal data from EU and EEA data controllers to their counterparts in UK.

As between the Isle of Man and the UK, the current position is complicated by the fact that the Island (unlike the UK) benefits from an ”adequacy decision”, although its status will be subject to review in the light of the Island’s implementation of the General Data Protection Regulation.

Accordingly, with regard to transfers of personal data from EU and EEA data controllers to data controllers in the Isle of Man, no steps need to be taken in view of the Island’s current adequacy status.

However, until the UK benefits from an “adequacy decision” Manx entities wishing to transfer personal data to data controllers in UK will need to do so on the basis that the latter is a third country. This issue is likely to be particularly relevant in the banking and insurance sectors and may also affect internet gaming and associated activities.

It can be expected that many, particularly larger, organisations will have devoted significant resources in terms both of time and cost to ensure their data protection compliance. The matter is likely to be more acute for smaller businesses.

As previously, a significant number of transfers of data are already permitted, particularly where they are the subject of the data subject’s consent or the transfer is necessary for the performance of a contract between the data subject and the data controller.

In other cases, in relation to transfers of personal data from Manx entities to non- EU and non- EEA data controllers (including those in UK), it will be advisable to adopt the “standard data protection clauses” published by the EU Commission covering transfers from an EU controller to (i) a non-EU or non-EEA controller or (ii) a non-EU or non-EEA processor.

In some cases, certain group entities may have put in place “binding corporate rules” (BCRs) approved by EU supervisory authorities to facilitate transfers of personal data between group members, including group data controllers outside the EU and EEA. However, with regard to BCRs which (i) cover the transfer of personal data between Manx and UK entities and (ii) in relation to which the supervisory authority is the UK’s Information Commissioner’s Office, the position post Brexit may be open to question. In these circumstances it may be desirable for Manx entities to adopt the Commission’s “standard data protection clauses” to facilitate transfers of personal data to UK data controllers.

Other scenarios can also be envisaged. For example, personal data may be transferred from a controller in France to a controller in the Isle of Man (the former in the EU and the latter the subject of an “adequacy decision”) via a server in UK. Provided there is no intention that the personal data will be accessed or manipulated while it is in UK, the transfer should be regarded as only to the Isle of Man.

Author: Adam Kelly

Filed Under: Publications

Online Enquiry





IMPORTANT NOTICE: The information you provide will be only used by us to administer your enquiry and any response. Use of this form does not create an attorney-client relationship and information transmitted will not necessarily be treated as privileged or confidential.
If you are a client, please get in touch with your usual firm contact directly for the most timely response.

Our Advantages

Experienced with complex transactions
Impressive track record of success
Strong local and international client base

Simcocks, Isle of Man

  • Ridgeway House
    Ridgeway Street
    Douglas
    Isle of Man
    IM99 1PY
  • +44 (0)1624 690300
  • enquiries@simcocks.com

Recommendations

Simcocks lawyers are recommended by:
The Legal 500
Chambers & Partners

Copyright © 2019 Simcocks | Terms of use | Privacy notice | Website Privacy Policy | Sitemap
Created by Zaliet Legal Websites | Hosted by PERFECT PORTAL | Login