If no trade agreement, agreement or agreement is concluded between the UK and the EU after this transition period, the UK will leave the country in a no-deal scenario and become a „third country”. As CSOs have already pointed out, in such a scenario, UK organisations and organisations with offices in the UK that receive personal data from the EU need to ensure that they have additional legal controls, such as standard contractual clauses. B or binding corporate rules, to ensure compliance with the GDPR. Countries outside the EU continue to be subject to the GDPR and EU fines for processing the personal data of EU citizens. Home > Cyber Security Blog > Brexit and GDPR – what the EU Withdrawal Agreement means for data protection in the UK The basic principles, obligations and rights of data protection remain unchanged. So, at this point, we don`t need to create a completely new set of guidelines. However, some specific areas, in particular cross-border monitoring and enforcement, as well as international transfers, are particularly affected. That is why we have recently developed the following guidelines: new withdrawal agreement and political declaration on: www.gov.uk/government/publications/new-withdrawal-agreement-and-political-declaration The UK has and will maintain high standards of personal data protection, which, at the end of the transition period, include the same legal framework for data protection as the EU and are therefore substantially equivalent to the EU in data protection matters. A full explanatory document on our framework is available online and we would like to encourage EU/EEA companies to check it out to see for themselves that the UK is a safe target for personal data. What happens to UK companies that process data in the EEA during the transition period? The GDPR continues to apply to all organisations in Europe that send you data, so you may need to help them decide how to transfer personal data to the UK in accordance with the GDPR. Some UK controllers and processors may also need to appoint representatives based in the EU from 1 January 2021. For more information, visit the ICO website, or you can call the ICO helpline on 0303 123 1113 for more information (open Monday to Friday). During the transition period, personal data (subject to compliance with the GDPR) may move freely between the EU/EEA and the UK without additional restrictions.
There is also no obligation for controllers or processors in the UK to appoint representatives based in the EU for the duration of the transition period. During the transition period, as UK and EU negotiators discuss future data protection agreements, the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA 2018) will continue to apply to organisations in the UK. Similarly, organisations providing essential services must continue to comply with the Directive on Networks and Information Systems (NIS Directive). The ICO remains the independent oversight body with regard to UK data protection legislation. The Withdrawal Agreement stipulates that EU citizens` data processed in the UK before and before the end of the transition period will be processed in accordance with applicable EU law. .