You must take appropriate steps to demonstrate your company`s efforts to ensure compliance with the data protection system after the transition period is over. You can do it by: Yes. We expect UK data protection legislation to be essentially aligned with the RGPD, which is why you should continue to use our existing guidelines. If you follow the approach of our guide, you can do so now and after the end of the transition period. At present, no changes have been made to the way you send personal data to the EU/EEA, Gibraltar and other countries deemed appropriate by the EU. If this situation changes, we will update this page. This mechanism remains valid for British companies that send data to the US under the Privacy Shield agreement (and US organizations that receive DATA from the UK under Privacy Shield), but the text of the data protection shield privacy policy needs to be updated. Businesses should also be aware that the UK government has stated that it is considering maintaining the RGPD regulation as it did after leaving the EU and that compliance with the RGPD and the UK DPA should therefore be maintained in 2019, even if they do not process EU citizens` data after the transition period. The communication states that, with the exception of the personal data covered by Article 71, paragraph 1, of the Brexit Withdrawal Agreement (the „withdrawal agreement”), any transfer of personal data to the UK after the transitional Brexit period is not treated as a transfer of personal data within the European Union. As a result, the transfer of personal data to third countries (for example. B non-EU states or countries that have not received an adequacy decision from the European Commission) are subject to EU rules for the transfer of personal data to the UK. They should carefully examine the language of consent to determine whether it specifically covers the transfer of personal data collected outside the EEA. Data protection legislation covered by Part 3 of the 2018 CCA continues to apply to the relevant prosecuting authorities.

These rules are derived from an EU directive, but they are now defined by UK law and will continue to apply after the end of the transition period (with some minor technical changes that reflect our status outside the EU). The European General Data Protection Regulation (GDPR) prohibits the transfer of personal data from the EEA to third countries unless certain specific safeguards (contained in Chapter 5 of the RGPD) are used as an appropriate basis for each transfer.