If you are a UK business or organisation that receives data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow at the end of the transition period.
- UK is committed to maintaining the high standards of the GDPR and the government has incorporated it into UK law (the UK GDPR) alongside the Data Protection Act 2018. UK businesses will be covered by the UK data protection regime.
- The UK government has stated that transfers to the EEA are not restricted. So if you send data from the UK to the EEA you will still be able to do so and you don’t need to take any additional steps.
- If a business or organisation in the EEA is sending you personal data, then it will still need to comply with EU data protection laws. Data can continue to flow whilst the bridge is in place. W e recommend you put alternative safeguards in place before the end of April, if you haven’t done so already.
- For most businesses and organisations, SCCs (Standard Contractual Clauses) are the best way to keep data flowing to the UK. Use our SCC Interactive Guidance tool to help you.
- Take stock so that you can identify overseas data acquired before the end of the transition period (known as ‘legacy data’). Data processed before 01 January 2021 will be subject to the EU GDPR as it stood on 31 December 2020 (known as the ‘frozen GDPR’).
- Make sure you review your privacy information and documentation to identify any minor changes that need to be made at the end of the transition period.
- Keep up to date with the latest information and guidance.