V1. December 2020
Contentsquare
&
Brexit
A BIT OF A BACKGROUND
On January 31, 2020, the United Kingdom withdrew from the European Union. It was agreed by both the European Union and the United Kingdom to allow a transitional period during which EU law will continue to apply in the United Kingdom until December 31, 2020.
As of January 1, 2021, following the transition period, all European Union primary and secondary law will cease to apply to the United Kingdom. Transfers of personal data to the United Kingdom will then be subject to the requirements of Chapter V of the GDPR and of the Law Enforcement Directive.
Nonetheless, it is important to clarify that the GDPR will continue to apply to United Kingdom organizations if they offer goods/services to data subjects in the EEA or monitor the behavior of data subjects in the EEA.
As part of the United Kingdom preparations for the Brexit, it has enacted the 2018 Data Protection Act (UK GDPR) which is mostly incorporating the EU GDPR into United Kingdom law.
For more information feel free to visit:
- https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/brexit_en
- https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/
- https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted
DATA TRANSFER POST BREXIT
As it seems, until an adequacy decision is made for personal data transfer to and from the United Kingdom, the only available mean to transfer data between 2 organizations across the United Kingdom borders is to execute the Standard Contractual Clauses (SCCs).
Although following the “Schrems II” decision by the Court of Justice of the European Union the use of SCCs for international personal data transfers might be seen as impacted, in the context of Brexit it seems that SCCs will allow the transfer of personal data to from the United Kingdom to the U.S. using post-Brexit, and also the transfer of personal data to and from the United Kingdom in general.
WHAT ABOUT CONTENTSQUARE
We at Contentsquare provide all our UK and non-UK customers (the Data Controllers) the ability to execute our Data Protection Agreement, which as required, covers the transfer of personal data to and from the United Kingdom post-Brexit and also include the approved SCCs.
Contentsquare also has SCCs with all of its sub-processors – as can be found at: https://contentsquare.com/privacy-center/subprocessors/.
We at Contentsquare are available to assist all of our customers with any additional needs, questions or requests that will allow them to achieve full compliance with all applicable laws, regulations and regulatory guidelines.
For more information please feel free to visit our Privacy Center, including therein our Privacy Policy, and additional information on our data processing; or contact us directly at privacy@contentsquare.com.