Further to our recent data protection update see here, the UK has now left the EU and the transition period is over. The UK and the EU have reached a deal on their future relationship and, as part of the arrangement, there is now welcome certainty (for now at least) in relation to the position on EU to UK data transfers. 

 

The position currently is as follows:

 

1. Data transfers from the EEA (i.e., the EU and also Iceland, Liechtenstein, and Norway) to the UK:

The EU and the UK have agreed that transfers from the EEA to the UK will be allowed on a temporary basis for up to six months. It is intended that this will allow time for an adequacy decision to be adopted in respect of the UK. An adequacy decision means that the European Commission has decided that a third country offers an adequate level of data protection and the effect of a decision is that data can be transferred to that country without the need for alternative transfer mechanisms.  During this interim period, data can continue to flow freely from the EEA to the UK. 

 

The UK’s data protection regulatory body, the Information Commissioner’s Office (ICO) has recommended, however, that alternative transfer mechanisms are put in place by UK businesses as a precaution so that data can continue to be received from EEA businesses in the event that the position changes. 

 

For most businesses, the most straightforward option will be standard contractual clauses (SCCs). 

 

2. Data transfers to the EEA from the UK:

The UK has confirmed that until further notice it will allow data to be transferred freely to the EEA so there is no need at the present time to put additional transfer mechanisms in place for data flowing from the UK to the EEA. This means that data can continue to flow freely from the UK to the EEA unless a decision is made by the UK to end the arrangement (which is unlikely given the likely implications).

 

3. Other steps

Now that there is some certainty in relation to data protection matters following Brexit, it is a good time to think about whether there are any other steps you should take (if you have not already done so). Ultimately, the precise steps you will need to take will depend on your business and the way you deal with data. Whilst some businesses will have a lot to do, others will just have to make small changes. Practical steps that may be relevant include the following:

 

  • Appointing a representative in the UK or the EU.

  • Considering whether you will have to deal with a new lead supervisory authority.

  • Evaluating which data falls under which regime (i.e., the EU or UK GDPR).

  • Reviewing and revising external and internal data protection documents such as privacy notices and policies.

  • Considering whether alternative transfer mechanisms should be put in place in accordance with the ICO’s recommendation.

  • Reviewing and updating records of processing.

 

We have prepared checklists for businesses to assist with identifying what steps need to be taken in relation to data protection. If you would like a checklist or if you require advice on how your business may be affected by Brexit generally, please contact the corporate/commercial department at 3CS. 

 

Amy Cunliffe-Rowe

GET IN TOUCH

3CS Corporate Solicitors

Providing solutions, not just legal advice
Contact us

GET IN TOUCH

Contact us

3CS Corporate Solicitors Ltd
60 Moorgate
London
EC2R 6EJ

3CS is based in offices in the heart of London's financial district.The nearest underground stations are Liverpool Street, Moorgate and Bank - all within 5 minutes’ walking distance.​

To view a map of where to find us, please click here.

+44(0) 204 5161 260 English (United Kingdom)

info@3cslondon.com

Please enter your name
Please enter your phone number
Please enter your email
Invalid Input
Invalid Input

Our Clients


View all our clients

Registered in England & Wales | Registered office is 60 Moorgate, London, EC2R 6EJ
3CS Corporate Solicitors Ltd is registered under the number 08198795
3CS Corporate Solicitors Ltd is a Solicitors Practice, authorised and regulated by the Solicitors Regulation Authority with number 597935


Registered in England & Wales | Registered office is 60 Moorgate, London, EC2R 6EJ
3CS Corporate Solicitors Ltd is registered under the number 08198795
3CS Corporate Solicitors Ltd is a Solicitors Practice, authorised and regulated by the Solicitors Regulation Authority with number 597935