What should you watch out for in data protection against the background of an unregulated Brexit? Are you prepared?


Nach dem Austritt von Grossbritannien (UK) aus der EU endet die Übergangsphase am 31.12.2020. Was Sie in und vor allem nach der Übergangsphase beachten und wie Sie sich vorbereiten müssen, erfahren Sie in diesem Beitrag.

Wann ist der Brexit für ein Schweizer KMU relevant?

  • You have an office in the UK.
  • Use UK service providers to perform their services (goods suppliers).
  • You use UK based cloud / SaaS services, online marketing tools.

Affected groups of people:

  • Your customers.
  • Users of your online services or website visitors.
  • Employees or applicants for online application services.


If the UK becomes a third country that is unsafe under data protection law, there is a risk of data protection violations in these cases after the transition phase. According to the GDPR, all countries outside the EU and the EEA are so-called “third countries”, i.e. personal data may not simply be transferred to these countries.

If the EU Commission declares the UK to be a third country that is safe under data protection law, such as Switzerland, the adequacy decision would have to be made at record speed. If that doesn’t happen, you have to take care of the level of data protection yourself.

UK is cut off from the EU in terms of data protection law without an adequacy decision and must be treated like Russia, China … But even then there are ways to securely regulate data transfers and cooperation with British companies under data protection law, such as through

  • Contractually required data transfers
  • Consent from data subjects
  • Other guarantees (binding corporate rules …)

We recommend checking data processing processes, data protection declarations, consents and information procedures with regard to the transmission of personal data. Be prepared that the UK may lose its secure level of data protection.