With the end of the Brexit transition period fast approaching, we have examined the potential impact on data privacy compliance in the UK and the EU/EEA and prepared a guide with practical advice on how to put your organization in the best possible position to deal with the outcome of the current UK/EU negotiations on 31 December 2020.
Organisations are advised to identify personal data flows between the EEA and the UK and to devise a plan to ensure that these data transfers will be able to lawfully continue from 1 January 2021, in the event that the UK does not obtain an adequacy decision from the European Commission (and no alternative agreement is reached) in advance of that date. Priority should be given to business-critical data flows and transfers of large volumes of personal data, special category data or criminal data.
Other areas of data privacy compliance that may require attention include: Binding Corporate Rules (where they have been approved by the ICO); identifying an alternative lead supervisory authority to the ICO if your organization engages in cross-border processing within the EU/EEA; assessing whether you may need to appoint a representative in the EU/EEA if your organization offers goods/services to EU/EEA data subjects or monitors their behaviour in the EU/EEA; and amending documents such as privacy notices and records of processing to reflect the UK’s status as a third country, if that is the case at the end of the transition period.
Our Data Privacy & Cybersecurity experts are available to answer any questions you may have and to assist you with any compliance steps you may need to take to prepare. Please reach out to one of the listed team members or your customary firm contact for advice.