The wide ranging legal implications of such a scenario include, for EU organisations which transfer personal data to third parties (e.g. group entities or suppliers) located in the UK, assessing whether additional compliance steps must be taken to ensure that such transfers are made pursuant to the General Data Protection Regulation (679/2016/UE) (the "GDPR"). As the end of the transition period is less than two months away and as negotiations for a future partnership are still ongoing, Luxembourg organisations should be ready to adopt the right data protection measures if and when the UK leaves the EU without a deal.
Up until now, organisations based in Luxembourg and in the UK could count on the free movement of personal data within the European Economic Area (the "EEA") to transfer personal data between them without having to comply with rules other than the general principles set out in the GDPR (such as ensuring that the transfer had a legal basis under Article 6 and that the data subjects were informed of the transfer or, as the case may be, consented to the transfer).
Click here to read the full article.
Source: Agefi - November 2020