If you are a UK business or organisation that receives data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow at the end of the transition period.

  • Your best preparation for data protection at the end of the transition period is to comply with the GDPR now.
  • UK is committed to maintaining the high standards of the GDPR and the government plans to incorporate it into UK law alongside the Data Protection Act 2018 at the end of the transition period. UK businesses will be covered by the UK data protection regime.
  • The UK government has stated that transfers to the EEA will not be restricted. So if you send data from the UK to the EEA you will still be able to do so and you don’t need to take any additional steps.
  • If a business or organisation in the EEA is sending you personal data, then it will still need to comply with EU data protection laws. You will need to take action with them so the data can continue to flow.
  • For most businesses and organisations, SCCs (Standard Contractual Clauses) are the best way to keep data flowing to the UK. Use our SCC Interactive Guidance tool to help you.
  • Make sure you review your privacy information and documentation to identify any minor changes that need to be made at the end of the transition period.
  • Keep up to date with the latest information and guidance.