Personal data transfers to the UK: Last weeks to prepare for an increasing likely «no-deal» Brexit

A "no-deal" Brexit has been on most EU organisations' agenda for some time now.

The wide ranging legal implications of such a scenario include, for EU organisations which transfer personal data to third parties (e.g. group entities or suppliers) located in the UK, assessing whether additional compliance steps must be taken to ensure that such transfers are made pursuant to the General Data Protection Regulation (679/2016/UE) (the "GDPR"). As the end of the transition period is less than two months away and as negotiations for a future partnership are still ongoing, Luxembourg organisations should be ready to adopt the right data protection measures if and when the UK leaves the EU without a deal.

Up until now, organisations based in Luxembourg and in the UK could count on the free movement of personal data within the European Economic Area (the "EEA") to transfer personal data between them without having to comply with rules other than the general principles set out in the GDPR (such as ensuring that the transfer had a legal basis under Article 6 and that the data subjects were informed of the transfer or, as the case may be, consented to the transfer).

Click here to read the full article.

Source: Agefi - November 2020

Related articles

Counting down to DORA – governance of ICT risks and board member responsibility

ICT services: comparison of the ESMA and EBA outsourcing guidelines and DORA

DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance

NautaDutilh IP team maintains strong standing in WTR 1000 2024

Counting down to DORA – Mapping and classification of ICT services

Privacy & data in the Benelux: five things you need to know in 2024

Benelux Competition Law in 2024: five things you need to know

Technology and the law in 2024: five things you need to know

Counting down to DORA – three key aspects

Strict liability regime in case of enforcement of invalid IP rights can be 'appropriate'

EU AI Act: three key insights on the world's first comprehensive AI law

The Chambers Technology & Outsourcing guide 2023

The Foreign Direct Investment Regimes Guide 2024

Life Sciences challenges and opportunities in Europe and the USA: key insights

Luxembourg FDI screening mechanism enters into force

A new era in patent litigation: five things to know about the start of the UPC

Update Luxembourg law on business licenses: three key insights

Third parties can intervene in BDPA proceedings and appeal its decisions

The law on the use of digital tools and processes in company law in force in Luxembourg

The competition dynamics in relation to cloud services

NautaDutilh assists founding shareholders of Route Mobile in selling majority stake to Proximus

Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows

NautaDutilh named Benelux Trademark Firm of the Year at the 2023 Managing IP Awards

The law on the use of digital tools and processes in company law

Luxembourg: introduction of national FDI screening mechanism

Anke Holtland appointed to counsel Public Law

Upcoming EU legislation on artificial intelligence

NautaDutilh Luxembourg ranked in Chambers FinTech 2023

Best practices for drafting and updating data protection notices

EU Foreign Subsidies Regulation (FSR): five things you need to know

The EDPB provides for further guidance on the use of cloud solutions in line with the GDPR

Benelux Competition Law in 2023: five things you need to know

Dutch DPA letter to the government on PNR: enforcement threatens again with focus on proportionality

Data Protection in Belgium: the 2023 focus of the BDPA

The end-user and its avatar - data integrity risks and ethical challenges in the metaverse - Part one

NautaDutilh contributes to IAPP's Global Legislative Predictions 2023

Online platforms and search engines to publish average monthly active recipients (AMARs) in EU by 17 February 2023

Benelux Technology Law in 2023: five things you need to know

CJEU decision extending the scope of article 5(1) of the Damages Directive

UPC update: extension Sunrise Period, judicial appointments and more

GDPR & AML: no longer public access to UBO data without legitimate interest

A low degree of similarity?

No longer public access to UBO data without legitimate interest

DORA: the forthcoming EU legal framework on Digital Operational Resilience in the financial sector

Vincent Wellens on FATCA in the Paperjam

DORA the EU Regulation

NautaDutilh contributes to Technology Disputes Guide by Lexology

The Unified Patent Court: five things you need to know

Privacy and security concerns in the metaverse

Paying a tribute is not dishonest

VoetbalTV: Administrative fine permanently annulled without judgement on the 'pure commercial interest'

Luxembourg first member state to launch a certification mechanism under the GDPR

European Data Protection Board harmonises EU fining guidelines

New GDPR guidelines on fines on the way

Data protection impact assessments new EDPS recommendations

Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?

Revamped CSSF outsourcing guidance for the financial sector

20 years of NautaDutilh Luxembourg

Public procurement in 2022: five things you need to know

NautaDutilh's Benelux IP-team stands out in WTR1000 2022

Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022

Benelux Data Law: five things you need to know in 2023

Luxembourg IP & Technology Law: five things you need to know

Data Protection notices after the Whatsapp case: what's the message?

NautaDutilh Luxembourg ranked in Chambers FinTech 2022

The record fine for the Dutch Tax Administration from a legal perspective

Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?

Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors

New rules on material IT outsourcing in the financial sector

NautaDutilh contributes to Technology Disputes Guide by Lexology

NautaDutilh assists SoftBank Vision Fund 2 with its Series C investment in Dutch scale-up SendCloud

NautaDutilh contributes to digitalization series by EACCNY

Long-awaited clarity on required safeguards for international data transfers

NautaDutilh's IP & Tech Law team recognised by Leaders League

Belgian DPA: fines prohibited in the absence of a prior order to comply?

The CNPD Publishes Several Decisions Following Investigations

Europe proposes first-ever statutory framework for AI

Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere

Regulatory changes in the audiovisual media sector