The end of the transition period is now just over a month away and this means time is running out for businesses to make arrangements for a no deal scenario (which remains a distinct possibility). One key area businesses should think about now is data protection. 

 

From 11pm on 31 December 2020, the UK will incorporate a UK version of the GDPR into domestic law which will be very similar to the EU GDPR. There will then be two versions of the GDPR, the EU GDPR and the UK GDPR, both of which will have extra-territorial impact (i.e. they will apply outside the EU and the UK respectively). This means businesses that have not already made arrangements for data post-Brexit, should do so now. The first step is to think about your operations and data flows. Some key points to consider are outlined below. 

 

1. Data flows between the EU and the UK 

At the end of the transition period, the UK will become a third country for EU GDPR purposes. This will affect businesses which receive data from the EU other than directly from consumers. In order to continue receiving data, one of the following will be required: 

a. a UK adequacy decision. If obtained, this will allow the free flow of data from the EU to the UK. However, given the limited time between now and the end of the year, it seems unlikely that the EU will adopt an adequacy decision in respect of the UK in time for the end of the transition period. 

b. a data transfer mechanism - for most businesses, this is likely to be standard contractual clauses. If SCCs are to be relied upon, they should be put in place by the end of the transition period. 

 

2. Representatives 

Another issue to consider is whether it is necessary to appoint a representative in the EU or the UK. Businesses will be required to appoint a representative unless they are only occasionally processing data and they do not process special category or criminal data on a large scale. 

 

For businesses established in the UK, an EU based representative may need to be appointed and vice versa. 

 

3. Documents 

You should review your privacy information/documentation and make any necessary changes. 

This will involve revising references to applicable legislation and setting out the details of transfers between the EU and the UK. Records of processing should also be amended to cover any new arrangements.

 

4. Supervisory authority 

You should review whether a lead supervisory authority will apply and if you can still benefit from a ‘one stop shop’.

 

We have prepared checklists for businesses to use to help them to identify what steps they need to take. If you would like a checklist, please contact the corporate/commercial department at 3CS. 

 

Amy Cunliffe-Rowe

GET IN TOUCH

3CS Corporate Solicitors

Providing solutions, not just legal advice
Contact us

GET IN TOUCH

Contact us

3CS Corporate Solicitors Ltd
60 Moorgate
London
EC2R 6EJ

3CS is based in offices in the heart of London's financial district.The nearest underground stations are Liverpool Street, Moorgate and Bank - all within 5 minutes’ walking distance.​

To view a map of where to find us, please click here.

+44(0) 204 5161 260 English (United Kingdom)

info@3cslondon.com

Please enter your name
Please enter your phone number
Please enter your email
Invalid Input
Invalid Input

Our Clients


View all our clients

Registered in England & Wales | Registered office is 60 Moorgate, London, EC2R 6EJ
3CS Corporate Solicitors Ltd is registered under the number 08198795
3CS Corporate Solicitors Ltd is a Solicitors Practice, authorised and regulated by the Solicitors Regulation Authority with number 597935


Registered in England & Wales | Registered office is 60 Moorgate, London, EC2R 6EJ
3CS Corporate Solicitors Ltd is registered under the number 08198795
3CS Corporate Solicitors Ltd is a Solicitors Practice, authorised and regulated by the Solicitors Regulation Authority with number 597935