Transfers of personal data post-Exit Day

Published On:Wednesday, January 22, 2020


When the UK exits the European Union on 31 January 2020, the UK and Gibraltar will become third countries for the purposes of the data protection legislation.

Controllers and processors in the Isle of Man cannot transfer personal data to controllers or processors in third countries unless that country has an adequacy finding from the European Commission, or one of the additional safeguards set out in Article 46 of the Applied GDPR is implemented by the Isle of Man controller or processor, or a provision of Part 5 of, or Schedule 10 to, the GDPR and LED Implementing Regulations 2018 applies to the specific transfer.

Tynwald has approved regulations however, which, while convoluted, effectively maintain the ability for Isle of Man controllers and processors to transfer personal data to controllers and processors in the UK and Gibraltar without the need for any additional safeguards post-Exit Day.

Those regulations come into effect on 1 February 2020.