GDPR Update – April 2021

The government has recently discussed reforming data protection law and diverging from the EU’s GDPR regulation. This move is designed to allow information to flow more freely and drive growth in the global digital economy. This is good news for anyone dealing purely with UK data as it should make reaching adequacy agreements with other non EU countries easier . However, anyone holding EU data will still have to manage their compliance with the EU regulation. Those companies that hold both EU and UK data (and this is not always a simple question to answer) will likely need to run a dual system, which may be complex and time consuming. Knowing which rules apply to your data sets and transfers will have never been more important.

HOW CAN CONEXUS LAW HELP?

Businesses and individuals will need legal advice to help them understand the risks they may face and the options that may be open to them.
We are available to assist in reviewing the laws in many jurisdictions across the world, and to review specific contracts. We are also available to provide practical, business-orientated advice on how to best protect yourself from the ongoing commercial effects of Covid-19.

Contact

For further advice on GDPR or pursing your contractual rights, please contact Philip Brown.

T: +44 (0)20 7390 0289
M: +44 (0)7887 538308
E: [email protected]

Conexus Law Launches New Service to Help Organisations Mitigate “Brexit Risk”

Conexus Law, the specialist provider of legal advice to businesses operating at the intersection of the built environment, technology and people, has launched a Brexit Contract Management and Audit Service. It is designed to help address the many unresolved issues following the Christmas Eve Agreement.

The new service will help organisations manage any potential contract risks and assess existing contractual arrangements that may require attention to ensure continuity of commercially viable relationships post BREXIT. It will include a full audit of all contracts including a review of standard terms and conditions (both signed and those under negotiation), and any bespoke contracts with both suppliers and customers, together with business contracts which touch every business area whether it be IT, purchasing, product, sales and marketing, office services, facilities maintenance, logistics or outsourcing.

In addition advice will be given as to whether a contract has a mechanism or opportunity to exit or re-negotiate its terms should this be necessary. While the service will focus on arrangements with EU suppliers or customers, it can include the full suite of contracts globally (including UK to UK contracts and UK to non-EU contracts).

Brexit will also impact trade between the UK and global markets and between the EU and global markets, with likely increased customs and duty requirements and costs. All of this will be taken into account when setting the scope of the contract audit.

Ed Cooke, Founder at Conexus Law, said: “Although The Christmas Eve Agreement gave some clarity, businesses continue to be faced with uncertainty. There are clear implications for many areas such as supply chains, imports and exports and employment that will affect the technology and datacentre sectors and our service will ensure full visibility of the commercial impact of Brexit on the business.”

HOW CAN CONEXUS LAW HELP?

Businesses and individuals will need legal advice to help them understand the risks they may face and the options that may be open to them.

We are available to assist in reviewing the laws in many jurisdictions across the world, and to review specific contracts. We are also available to provide practical, business-orientated advice on how to best protect yourself from the ongoing commercial effects of Brexit.

Contact

For further advice on mitigating Brexit risks, please contact Ed Cooke.

T: +44 (0)20 7390 0281
M: +44 (0)7535 123000
E: [email protected]

Ed Cooke talks to Data Centre Solutions

Our Founder Ed Cooke has spoken to Datacentre Solutions about the potential impact of Brexit on the industry.

 

 

International business faces post Brexit data threat warns legal expert

From 1 January 2021 the United Kingdom will lose its automatic status as a safe destination for EU data when it falls outside of the EU’s legal jurisdiction. This will affect all EU data to be transferred to the UK (or any ‘third country’ that is not an EEA member.)

According to Phil Brown, a specialist lawyer at Conexus Law, it is doubtful that transfers from the EU to the UK will be compliant with GDPR following court case in October which held UK law incompatible with EU law – and similarly no transfers to the US would be compliant following a judgement in July 2020 which rendered Privacy Shield invalid.

“This clearly poses a huge threat to international business and it is hard to see that it will be allowed to continue, although equally the contrasting views of Europe and the US as to data protection mean it is a difficult one to see resolved without wholesale legislative changes to either the European or US regimes. The UK is clearly more aligned with the rest of Europe, and so one would hope that the differences can be resolved swiftly and effectively but given the political implications of Brexit across Europe there remains a distinct lack of clarity,” comment Phil.

Phil has created a guidance paper on the subject which outlines the possible options for businesses and likely outcomes.

HOW CAN CONEXUS LAW HELP?

Businesses and individuals will need legal advice to help them understand the risks they may face and the options that may be open to them.
We are available to assist in reviewing the laws in many jurisdictions across the world, and to review specific contracts. We are also available to provide practical, business-orientated advice on how to best protect yourself from the ongoing commercial effects of Covid-19.

Contact

For further advice on GDPR or pursing your contractual rights, please contact Philip Brown.

T: +44 (0)20 7390 0289
M: +44 (0)7887 538308
E: [email protected]

 

Law firm warns of Post Brexit GDPR impact

Conexus Law, the specialist advisory firm that provides legal and commercial advice to clients who work in sectors where the built environment, technology, engineering and people converge, is urging companies to prepare for the strong possibility that the EU will fail to agree that the UK has an “adequate data protection regime” after the transition period at the end of the year. This will mean that businesses will face barriers transferring personal data to and from the UK to EU countries under GDPR. The warning comes on the back of the ruling by the European Court of Justice at the beginning of July that reversed the prior adequacy decision of the EU for the USA – rendering its Privacy Shield ineffective.

Ed Cooke, Founder at Conexus Law said: “The UK’s use of mass surveillance techniques, our Investigatory Powers Act, and our membership of the Five Eyes intelligence sharing community has raised particular concerns with the EU – especially in relation to the sharing of data with the US, and even more so given the recent Schrems II decision on the Privacy Shield scheme. What is clear is that once a decision has been made then companies will need to move quickly to ensure they are not severely impacted.”

Failure to reach an agreement would mean that companies will need to look at alternatives such as Standard Contractual Clauses and binding corporate rules. Ed reiterates that merely relying on consent is not really an option for most businesses.

“Each of these options has its challenges with consent generally viewed to be unworkable as it can be revoked at any time. Standard Contractual Clauses were upheld in the ECJ in its judgment on Privacy Shield, but the judges did cast some doubt on whether or not these offer suitable protection in all cases without businesses adopting further practical measures such as encryption, to ensure the protection of personal data,” explains Ed.

Conexus Law is advising companies to start preparing now. Companies should already have a full audit of what personal data they collect and where it is stored and transferred to, including back-ups that may be held by cloud-based providers with datacentres all over the world. This audit needs to include all suppliers and partners that data is shared with. The next stage is to look at standard contractual clauses and decide whether further measures are required based on the specific data being transferred. If not, consideration should be given additional methods such as encryption.

“It seems that an adequacy ruling under GDPR is being used as a BREXIT bargaining chip in relation to other unrelated diplomatic negotiations taking place. Unfortunately, businesses may end up bearing the brunt of this and I would highly recommend that they start to prepare now,” concludes Ed.