The General Data Protection Regulation (GDPR) lays down rules for the protection of individuals with regard to the processing and free flow of personal data. The impending departure of the UK from the EU creates significant uncertainty as to the ability of businesses, including banks and investment firms, to continue to transfer personal data between the EEA and the UK post-Brexit.
This briefing note outlines:
- The relevant requirements under GDPR for the processing of data and the mechanisms for transferring data between the EEA and third countries;
- The uncertainty in relation to firms’ ability to transfer personal data between the EEA and UK postBrexit;
- The importance of personal data sharing in providing an efficient and secure service to corporate and institutional clients; and
- AFME’s proposed solution - that the European Commission (EC) and the UK should, as a matter of priority:
- Start discussions in preparation for Adequacy Decisions without delay; and
- Commit to a transitional solution while adequacy assessments are undertaken.