What does a ‘No-Deal’ Brexit mean for eIDAS & GDPR?
Published 29 September 2019 – Last Updated 19 October 2020
So we’ve officially left the European Union. Now the transition period is coming to a close, the 31st of December, to be specific. Brexit has a lot of businesses worrying about what’s next.
By the end of the financial year, we will either have decided upon our relationship with the EU or exited with a no-deal. But, what does it mean for your digital contracts?
What is eIDAS as it currently stands?
eIDAS is regulation that covers the legality of electronic signatures that all eSignature providers in the EU must adhere to. It means that all of the contracts that you send with Signable are legally binding and can be used in court as legal evidence. Having one law unites and secures all electronic transactions across the EU.
eIDAS and Brexit No-Deal?
In simple terms, not a whole lot really. As with a lot of EU regulations that the UK has been a part of, eIDAS will likely be replicated verbatim, or pretty close to what eIDAS laid out. That’s what experts are saying is likely, but obviously, once the UK has formally left the EU, they could want to review and amend the regulations.
But, it is extremely unlikely that Britain will want to change eIDAS drastically, as it would mean we’d be slowing down digital transactions. Ultimately, the law works as it stands, it makes digital documents easy, fast and safe to send, so it wouldn’t make sense to fix what isn’t broke.
GDPR as it stands
GDPR was put in place in May 2018 to ensure personal data is being handled correctly by companies across the EU. It was put in place to allow everyone to control their own personal data, and choose what was shared with whom. This meant by and large that companies have to put a two-point consent when asking for personal data like email addresses.
It has changed how businesses across Europe approach their contact list and how they used that information. We have seen huge fines being dealt out to big companies who haven’t read the T’s & C’s properly. But, with it being an EU regulation what happens after the transition period comes to an end?
Does GDPR exist in a No-Deal Brexit?
Good news, if you’re a small or medium-sized business, nothing should change. The information commissioners office says “if we leave the EU without a deal, most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same”. The Data Protection Act (or GDPR) of 2018 will stand until the end of the 31st December 2020. The UK is expected to keep these rules after the end of the transitional period, whatever happens.
However, if you’re receiving data from EEA (The EEA is the EU plus Iceland, Norway and Liechtenstein) then it’s best to check what you need to do via this tool ‘keep the data flowing after Brexit’.
It seems that British regulators are opting to continue moving forward with eIDAS, but we’ll keep you as updated as possible.