If your organisation receives personal data from the EU/EEA, you should review your contracts and, where absent, include Standard Contractual Clauses (SCC) or other Alternative Transfer Mechanisms (ATM) to ensure that you can continue to legally receive personal data from the EU/EEA.
Businesses that are part of a multinational group may be able to rely on binding corporate rules (BCRs), for intra-group transfers as an appropriate safeguard.
To help determine whether this is right for you, refer to the ICO’s Do I need to use standard contractual clauses for transfers from the EEA to the UK? Tool.
There may be additional actions that some organisations need to take. The Information Commissioner’s Office (ICO) has further guidance your business or organisation should follow to prepare for Brexit.
For most organisations, especially SMEs, taking the required action isn’t highly costly and doesn’t always require specialist advice. The ICO have built a handy tool to help you understand what to do.
What happens if you don’t act
If you fail to act, your organisation may lose access to personal data it needs to operate. Consult the guidance and review your contracts to ensure your organisation can continue receiving personal data from the EU/EEA.
Comments are closed.