EDPB confirms status of EU-UK data flows in a no-deal scenario

Schrems-sufficient-contract-clauses

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

At it’s Seventh Plenary Session, the European Data Protection Board (EDPB) adopted a note on data transfers under the GDPR in the event of a n0-deal Brexit.

The EDPB, who work towards a consistent approach to data protection application across Europe (replacing the old Article 29 Working Party) and is made up of representatives from the national data protection authorities (e.g. the ICO in the UK), said in their note:

Data flows from the EEA to UK

In the absence of an agreement between the EU and the UK (no-deal Brexit), the UK will become a third country from 00.00 am CET on 30 March 2019. As a consequence, the transfer of personal data from the EEA to the UK will have to be based on one of the following instruments: Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct and Certification Mechanisms and the specific transfer instruments available to public authorities. In the absence of Standard Data Protection Clauses or other alternative appropriate safeguards, derogations can be used under certain conditions.

Data flows from UK to the EEA

As regards data transfers from the UK to the EEA, according to the UK Government, the current practice, which permits personal data to flow freely from the UK to the EEA, will continue in the event of a no-deal Brexit.

This of course confirms what the ICO have been saying and indeed what we reported in our own blog post about data flows and Brexit.

So, what this means in practice is, if you’re a UK business that processes personal data sent from the EEA then you can expect, in a no-deal Brexit scenario, your existing processing agreements to change to include model clauses or some other legally approved means of ensuring compliance. If you need help with his, get in touch to find out how we can help.

More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy