Sun, May
69 New Articles

Brexit and GDPR – Dealing with the Consequences of Departure

Brexit and GDPR – Dealing with the Consequences of Departure

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Ever since the United Kingdom (“UK”) announced its departure from the European Union (“EU”), there were a lot of speculations about which rights and obligations will remain applicable to its citizens upon (Br)exit. Naturally, as negotiations were ongoing since 2016 referendum, question of whether the General Data Protection Regulation (“GDPR”) will remain applicable was still left open, until recently.

Recognizing the potential problems that may arise out of clear-cut solution when it comes to applicability of GDPR, the UK-EU Trade and Cooperation Agreement, effective as of 1 January 2021, leaves a six-month transition period during which the transfer of personal data from the EU to the UK will be free. After that time period expires, the UK will be considered as a “third country” with regard to international data transfers, meaning that the transfer of personal data from the EU to the UK will not be free, unless certain safeguards are provided (e.g. Standard Contractual Clauses or Binding Corporate Rules). Nonetheless, the UK remains hopeful that the EU Commission will render an adequacy decision in the meantime, eliminating the scenario in which the UK transfers will require additional safeguards.

In all other aspects, GDPR is not applicable directly in the UK as of 1 January 2021 (safe for extraterritorial application). However, this is not a huge issue for the UK citizens as their personal data enjoy the same level of protection as before. The so-called “UK-GDPR”, the amended Data Protection Act from 2018, which embodies the core principles and safeguards provided by GDPR, will continue to apply as national law in the UK post-Brexit.

That being said, all UK-based companies would be wise to welcome expiration of the six-month transition period ready for every possible scenario and compliant with both UK-GDPR and EU-GDPR.

International transfers from the Serbian perspective

As far as the Serbian data protection regulations are concerned, the Personal Data Protection Act of the Republic of Serbia (“PDPA”) explicitly provides that personal data transfers may be performed freely to third countries and/or international organizations that are parties to the European Council Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. Furthermore, the Serbian Government issued a Decision on the list of countries, a territory or one or more specified sectors within a third country, or an international organization which are considered to provide adequate levels of personal data protection (“Decision”), listing countries to which the free flow of personal data transfers is permitted. The Section I of the Decision enlists the UK by name.

Finally, the Serbian Commissioner for Information of Public Importance and Personal Data Protection issued a public announcement stating that the personal data transfers from Serbia to the UK remain free in accordance with the PDPA and the Decision.

Having said in mind, there is no doubt that Brexit had little to do with international personal data transfer from the perspective of Serbia and its regulations. In fact, nothing has changed in terms of international data transfers as a result. So, the UK based companies with local presence may rest assured. However, it will be interesting to see if the UK will reciprocate after finally seceding from the EU. 

This text is for informational purposes only and should not be considered legal advice. Should you require any additional information, feel free to contact us.

By Milos Velimirovic, Partner, and Katarina Zivkovic, Senior Associate, Samardzic, Oreski & Grbovic

Serbia Knowledge Partner

The oldest full service commercial law firm in Serbia, founded in 1991, JPM with three decades of experience in assisting local and international businesses presence and growth not only in Serbia but throughout the SEE region.

We have accumulated a wealth of knowledge in every industrial and corporate sector, from energy to banking, transport, manufacturing and telecommunications, while remaining true to a pioneering spirit that has always drawn us to follow the latest trends and developments in providing of our services to clients. Today we use the latest legal tech available in serving our clients and are expanding our services to clients from growing industries such as renewable energy, IT and life sciences, by offering innovative solutions and a pro-active approach to broaching new grounds.

Our expertise, experience, and commitment to professional excellence mean we are routinely involved in landmark cases and transactions, while our high standing among clients and peers sees us ranked among the leading law firms by independent guides such as Chambers & Partners, Legal 500, and IFLR1000.

We are known for working closely with clients and treating their problems as our own. Our lawyers pride themselves on being team players, fast and available, specialised in terms of practice area and industry, but versatile and creative in their thinking. We believe our advice should be tailor-made and that even the thorniest issue has a legal solution.

Our membership of Lex Mundi (the world’s premiere network of independent law firms) and the TLA (a regional alliance of leading firms from Slovenia, Croatia, Bosnia and Herzegovina, Montenegro, North Macedonia, and Serbia) means we have close working relationships with first-rate firms throughout the region and around the world, enabling us to operate as the perfect hub for SEE and other multi-jurisdictional transactions.

Firm's website: http://jpm.rs/

Our Latest Issue