05 Jan '21
Recently, the much-discussed Brexit deal was closed. The Brexit also has an impact on the processing of personal data. In the United Kingdom ("UK"), the General Data Protection Regulation (“GDPR; in Dutch: "AVG") will no longer be the applicable regulation as of 1 January 2021. Do you also exchange personal data with parties in the UK or do you use, for example, processors (such as your software suppliers) vested in or using servers in the UK? Do you otherwise co-operate with parties in the UK? If so, what will you need to consider in 2021?
*This blog is mainly written from the point of view of parties established in the EU (actually: EEA).
First of all, there will be a transitional period of 4 months (until May 2021), which may be extended once by two months. During this period, you will be able to exchange data with the UK as before, i.e. without Brexit-related measures. It should be noted that if the UK were to change its regulations in this area in the meantime, this ‘transition period’ would no longer apply.
After this transition period, you will be required to treat the processing of personal data by parties in the UK in the same way as processing by parties in other countries outside the European Economic Area (EEA), such as the United States. Due to the fairly recent ruling of the European Court of Justice in the Schrems II case, which, among other things, declared the Privacy Shield invalid, our privacy team is often asked whether data can still be exchanged between parties located in the EEA and parties vested outside the EEA. The answer is: that differs from case to case and this has not yet fully crystallized. In any case, this processing always needs to be looked at more closely and we are happy to help with that. Without going into all the details of such assessment right now, we will give you a number of points of attention and tips to prepare for the possible scenarios that may occur.
The end of the transition period means, among other things, the following:
Please also note that entities based in the UK which process personal data of EU citizens must appoint an EU representative to whom, among other things, authorities and citizens can address queries and complaints.
It is not yet clear what the situation will be after 1 May (or 1 July after an extension of the transition period). Will there be an adequacy decision (see above under a) or will things significantly change? Also because the current transition period is subject to conditions such as those mentioned above (and - theoretically - could end prematurely), it is wise to already take some steps, to be able to switch to the new situation quickly when necessary.
We are happy to provide you with a number of tips that you could possibly use in the meantime:
Do you have questions about the GDPR and Brexit? Or do you prefer some assistance with the performance of the abovementioned assessment, or in order to make the right arrangements with third parties or correct adjustments in your privacy documentation? Do you have any other (legal) questions about the Brexit? Our privacy specialists, as well as our Brexit specialists, together if appropriate, will be happy to assist. Mail to n.witt@ploum.nl and we will contact you as soon as possible.
Upcoming events
20 Dec 24
29 Nov 24
11 Nov 24
14 Oct 24
13 Oct 24
07 Oct 24
13 Aug 24
13 Aug 24
04 Jun 24
13 May 24
02 May 24
08 Apr 24
Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
Follow what you find interesting
Receive recommendations based on your interests
{phrase:advantage_3}
{phrase:advantage_4}
We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.