Skip to content Skip to main menu Skip to utility menu

SWB Brexit Bulletin – 22 March 2019

March 22, 2019

Welcome to issue 3 of our Brexit bulletin. The arrangements for leaving the EU remain uncertain so our plans continue to ensure we can provide effective services to patients in the event of a no deal scenario and during a transition period. The Department for Health and Social Care continues to lead on national NHS preparations in order to mitigate any risks and there are well-established plans in place to ensure the supply of medicines, equipment and supplies.

This bulletin focuses on research and data sharing.

Research studies

  • EU research and funding

The government has guaranteed funding for committed to UK organisations

for certain EU funded projects in the event of a ‘no deal’ scenario. This includes the payment of awards where UK organisations successfully bid directly to the EU while we remain in the EU, and the payment of awards where UK organisations are able to successfully bid to participate as a third country after EU Exit, until the end of 2020. This means that successful bids for EU programme funding until the end of 2020 will receive their full financial allocation for the lifetime of the project.

  • Clinical trials and clinical investigations

The Department of Health and Social Care has contacted all sponsors of trials to ensure continuity of supply for investigational medicinal products (IMPs).  We have contacted sponsors for trials that we are participating in and have assurance that we are able to continue as normal in participating in and recruiting to clinical trials and investigations.

We are advised that organisations carrying out clinical trials should follow the normal process for regulatory approval.

Data sharing, processing and access

Guidance on data protection has been published by the Information Commissioner’s Office and the Department for Culture, Media and Sport.

Transfers from the UK to the EEA and to countries outside of the EEA

Transfers of personal data from the UK to the EU / EEA should not be affected in a ‘no deal’ scenario. This is because it would continue to be lawful under domestic legislation for health and adult social care organisations to transfer personal data to the EU/EEA in the same way we do currently.

Where a transfer of personal data is to be made from the UK to a country outside of the EEA, we can continue to make the transfer if an adequacy decision for that country has been made before the exit date.  The two exceptions to this are for transfers to Japan and transfers to organisations covered by the US Privacy Shield.

We are awaiting further guidance regarding the adequacy decision for Japan, particularly whether modified arrangements will be required.

Where the adequacy decision relates to an organisation covered by the US Privacy Shield, a check will need to be made that the organisation we want to transfer information to, has updated their Privacy Shield Commitments to specifically include the UK, if they have not, we will need to rely upon safeguards or exceptions.

Transfers from the EEA to the UK

At the point of exit, EU/EEA organisations will consider the UK a third country. This will mean the transfer of personal data from the EU/EEA to the UK will be restricted unless an adequacy decision has been made by the European Commission regarding the UK, where appropriate safeguards are put in place, or where exceptions apply.

Safeguards and exceptions

Appropriate safeguards include, but are not limited to:  (1) EU approved standard contract clauses – two options are available – (a) Controller to Controller, or (b) Controller to Processor, or (2) A legally binding and enforceable instrument between public authorities and bodies (this will only apply if both public authorities or bodies have the power to put in place binding and enforceable arrangements).

Exceptions include, but are not limited to: (1) Explicit consent of the Data Subject, (2) For the performance of, or for the taking of steps to put in place, a contract where the data subject is a party, (3) for the performance of, or for the taking of steps to put in place, a contract for the benefit of another person, (4) To establish, exercise, or defend a legal claim, (5) To protect the vital interests of someone who is incapable of giving consent.

We have reviewed our data flows of personal information from the EU / EEA to the UK in order to understand the risk to our services if these data flows were disrupted. We are also ensuring that we are compliant with the 10 data security standards as outlined in the data security and protection toolkit. This is helping us to identify any areas of risk.

For more information:

Research queries: Clark Crawford, Head of Research and Development

Data protection: Allison Binns, Deputy Director of Governance / Karen Wells, Information Governance Manager

For general EU exit queries please contact our Senior Responsible Officer Toby Lewis, Chief Executive