The European Commission (EC) is urging businesses and public bodies to take all necessary steps to ensure compliance of any personal data transfers between the UK European Union after the Brexit transition ends on 31 December.
“Compliance can be achieved by having appropriate safeguards in place as foreseen by the General Data Protection Regulation [GDPR], including binding corporate rules or through specific derogations,” the EC said in a document to help companies and others to prepare for the changes after the transition period.
From 1 January, transfers of personal data between the UK and the EU’s 27 members will have to comply with EU rules and safeguards relating to non-member states.
Organisations should plan data-transfer arrangements regardless of whether the EU makes an ‘adequacy decision’ that Britain offers an adequate level of data protection.
The commission is currently assessing that and has held technical meetings with the UK to gather information with the intention of making a decision by end of this year. For its part, the UK’s Data Protection Act confers adequacy on EU member states until the end of 2024, with re-examination required by that date.
The EC’s document, which also covers custom arrangements, company law, intellectual property, financial services, travel and other matters, does not seek to prejudge the outcome of on-going EU-UK negotiations to establish a post-Brexit relationship.
“As such, it does not examine the possible implications of a failure to reach an agreement, nor does it consider the need for contingency measures,” the EC said.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.