On February 12, 2019 the European Data Protection Board (EDPB) warned that in the absence of an agreement between the EEA and the UK (no-deal Brexit), the UK will become a third country from 00.00 am CET on 30 March 2019.
The EDPB provides 5 steps organizations that transfer data to the UK should take to prepare for a no-deal Brexit:
- Identify what processing activities will imply a personal data transfer to the UK
- Determine the appropriate data transfer instrument for your situation (see below)
- Implement the chosen data transfer instrument to be ready for March 30, 2019
- Indicate in your internal documentation that transfers will be made to the UK
- Update your privacy notice accordingly to inform individuals
In case of no deal Brexit, transfer of personal data from the EEA to the UK has to be based on one of the following instruments:
– Standard or ad hoc Data Protection Clauses
– Codes of Conduct and Certification Mechanisms
Originally publised on Technethics on March 2019