If you are a UK business or organisation that receives data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow after Brexit.

  • Your best preparation for data protection after Brexit is to comply with the GDPR now.
  • The UK is committed to maintaining the high standards of the GDPR and the government plans to incorporate it into UK law alongside the Data Protection Act 2018 after Brexit. UK businesses will be covered by the UK data protection regime.
  • The UK government has stated that transfers to the EEA will not be restricted. So if you send data from the UK to the EEA you will still be able to do so and you don’t need to take any additional steps.
  • If a business or organisation in the EEA is sending you personal data, then it will still need to comply with EU data protection laws. You will need to take action with them so the data can continue to flow.
  • For most businesses and organisations, SCCs (Standard Contractual Clauses) are the best way to keep data flowing to the UK. Use our SCC Interactive Guidance tool to help you.
  • Make sure you review your privacy information and documentation to identify any minor changes that need to be made after Brexit.
  • Keep up to date with the latest information and guidance.