After the United Kingdom (UK) leaves the EU, the transition period will end on December 31, 2020. This article draws attention to the subjects to be prepared for during and especially after the transition period – only in case if UK might slip into the status of a “third country” that does not comply with the European level of data protection. When is the subject relevant for a Swiss SME?
Affected groups of people:
If the UK becomes a third country that is insecure in terms of data protection law, the above-mentioned conditions will be at risk of data protection breaches after the transition phase. According to GDPR, all countries outside the EU and the EEA are so-called “third countries,” meaning personal data may not be transferred to these countries without further measures.
If the EU Commission declares the UK to be a safe third country under data protection law, such as Switzerland, the adequacy decision would have to be made at record speed. If this does not occur, you must ensure the data protection level yourself.
Without an adequacy decision, the UK will be cut off from the EU in terms of data protection and will have to be treated like Russia, China…. However, even then, there are ways to securely regulate data transfers and cooperation with UK companies under data protection law, such as through
We recommend reviewing data processing procedures, privacy statements, consents, and access procedures regarding transfers of personal data. Be prepared that UK may lose its secure level of data protection.
