There will be no immediate change to the UK’s data protection standards when Britain leaves the EU. The General Data Protection Regulation (GDPR) will be brought into UK law and the Information Commissioner would remain the UK’s independent supervisory authority on data protection.
In recognition of the unprecedented degree of alignment between the UK and EEA’s data protection regimes, UK businesses or organisations will continue to be able to send personal data from the UK to the EEA and third countries deemed adequate by the EU at point of exit.
There will be a change to the way data is shared from the EEA to the UK. While we would like the European Commission to adopt adequacy decisions with respect to the UK as soon as possible we do not expect adequacy decisions to have been made at the point of exit.
Using personal data in your business or other organisation
It is worth checking that you have agreed to the Gsuite GDPR Data Processing Amendment and Data Processing and Security Terms. Link to our knowledge base:
GDPR General Data Protection Regulation
Even in the event of exit with no deal, we do not anticipate any issues regarding data. The GDPR will be incorporated into UK law without any changes on the leaving date. As realsmart is already GDPR compliant we will continue to comply with UK data protection laws.
The UK Government has stated that there will be no restrictions on the flow of data between the UK and Europe as long as the GDPR and equivalent UK Laws are adhered to. So we do not anticipate any problems in that regard.
For advice on Brexit from the ICO see their pages here https://ico.org.uk/no-deal
Googles Model contract clauses are still valid and data location in Europe is not a GDPR or EU requirement. This google blog explains the details:
https://cloud.google.com/blog/products/identity-security/google-clouds-commitment-to-eu-international-data-transfers-and-the-cjeu-ruling
Here is googles Privacy and Security statement:
https://edu.google.com/why-google/privacy-security