Member Services

01 23 777 88

or complete our Contact Form


01 23 777 23

or complete our Contact Form


UK will be a 'Third Country' for Data Transfers post-brexit

Minister for Data Protection, Pat Breen this week gave clarity on Ireland’s position on Data Transfers with the UK post-Brexit at the National Data Protection Conference at Croke Park.

“The Withdrawal Agreement on the future relationship between the EU and the UK is the result of a long and difficult negotiation process and represents a fair and balanced deal.  The European Council has made clear that it is not for renegotiation, began Minister Breen.

‘The Government remains firmly of the view that ratifying this Agreement remains the best way to ensure an orderly exit by the UK, which is in everyone’s interest.  We will continue to monitor the situation as it develops in London

‘A no deal outcome is not the one that we want but given the ongoing political uncertainty in London it is only prudent at this stage to accelerate preparations for a no deal Brexit.

‘The Government Contingency Action Plan gives an overview of the comprehensive, cross-Government preparations that have been in place since even before the Brexit vote.  Officials have identified issues across all sectors.  Responding to these issues will include action at the EU level and dedicated measures by the Government at home.

‘Whilst much of the debate on Brexit and its consequences has focused on the possibility of tariffs on goods, all of you will be aware of the centrality of data flows to a digital economy based around services.

‘The simplest and most effective mechanism for facilitating such data transfers is a European Commission ‘adequacy decision’, which recognises the data protection regime of the country or organisation concerned as providing levels of data protection essentially equivalent to those of the EU. 

‘Where such a decision has been taken, data transfers to the country or organisation can proceed without hindrance or formality.  

‘It is clear that a no-deal Brexit would have a profound effect on how personal data is transmitted into the UK from the EU. 

‘Flows of personal data to and from the UK are essential to business. In the absence of a withdrawal agreement, the UK will become a third country on leaving the EU and personal data transfers cannot continue as before.

‘In the event of a ‘no-deal’ Brexit, the European Commission has clarified that no contingency measures, such as an ‘interim’ adequacy decision, are foreseen. 

‘This means that data transfers to the UK in the event of a ‘no-deal’ Brexit must initially rely on alternative mechanisms other than an adequacy decision, as set out in the GDPR. 

‘The European Commission has approved Standard Contractual Clauses that can be inserted into contracts to ensure the application of European data protection principles.  

‘A corporate group can apply legally binding corporate data protection rules once approved by the competent data protection authority.  

Codes of Conduct and Certifications can be used to demonstrate compliance with the GDPR, once approved by a data protection authority and the European Data Protection Board (EDPB).

‘It is up to you to decide which of these is most suited to the kinds of data transfers in which your organisation is engaged.

‘The GDPR also provides for derogations for specific situations in the absence of the kinds of safeguards that I just mentioned.

‘These derogations cover situations such as where the subject has given explicit consent or where the transfer is necessary for important reasons of public interest. 

‘So while Brexit does give rise to concerns, it should not cause alarm. The GDPR explicit provides for mechanisms to facilitate the transfer of personal data in the event of the United Kingdom becoming a third country in terms of its data protection regime.

‘The Data Protection Commission ( has produced guidance material on the status of personal data transfers to and from the UK in the event of a ‘no-deal’ Brexit, concluded Minister Breen.

Jim Friars, CEO of the Irish Computer Society who hosted the event on behalf of The Association of Data Protection Officers said, ‘it is good to get clarity on how we will move forward in a post-Brexit world. We do so much business with the UK all of which is supported by an easy flow of data between the two economies. It is essential we reach an adequacy decision similar to the one recently completed between the EU and Japan. We should also bear in mind that this adequacy decision took almost 18 months to agree so we need to prepare right away.’

Share this article!