Subscribe to our mailing list

* indicates required
EACA 2019

If you represent one of EACA’s member companies / organisations and would like to receive our monthly advocacy update, please email to subscribe.

By filling out the form, you consent to EACA sending monthly newsletters about our activities and notifications about event discounts using the MailChimp platform. No information will be passed on to other third parties or made public. You will have a right to unsubscribe at any point. Should you have any questions, please contact

European Data Protection Board publishes information note on post-Brexit data transfers

Public and commercial organisations, including agencies, under a no-Brexit-deal scenario, should follow a five-step process when transferring data to the UK, according to the European Data Protection Board (EDPB).

Firstly, organisations should identify what processing activities will imply a personal data transfer to the UK. Based on that, they should determine an appropriate data transfer instrument (standard and ad hoc data protection clauses, binding corporate rules or codes of conduct and certification mechanisms) and implement it by the Brexit date. In their internal documentation they should indicate that transfers will be made to the UK and privacy notices to individuals should be updated accordingly.

These options are all in compliance with the General Data Protection Regulation (GDPR).

Regarding data transfers from the UK to the EEA, the UK Government has announced that the current practice, which permits personal data to flow freely from the UK to the EEA, will continue in the event of a no-deal Brexit.

As a result of Brexit, the UK will become a ‘third country’ in relation to the EU. If there is no special agreement in place between the two parties, all the EU rules and regulations will instantly cease to apply to the UK on 29 March 2019.

Access the EDPB’s information note here and EACA’s ‘Brexit – Frequently Asked Questions’ page here

Speak Your Mind