It would still appear to this day that the United Kingdom is leaving the European Union on 29 March 2019.

In the absence of an agreement ratified by both parties, the United Kingdom will become a third country to the European Union on 30 March 2019, with the consequence that European regulations will cease to apply and in particular the General Data Protection Regulation (GDPR).

One question remains open: how to organise the transfer of personal data from the EU (and particularly Luxembourg) to the United Kingdom?

Data transfers to the United Kingdom will no longer be able to be freely effectuated and will therefore need to be regulated, as they are with respect to all third countries.

As the European Commission has not yet recognised the United Kingdom as a State providing an adequate level of protection leading to an adequacy decision to that effect, entities based in the EU will have to base transfers of personal data to the United Kingdom on adequate tools to comply with the provisions of the GDPR, in particular the Standard Contractual Clauses proposed by the European Commission. [https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32010D0087]

We remind our clients and partners that the penalties for non-compliance with the GDPR are severe (up to 4% of global annual revenue or €20 million). Therefore, we invite you to put in place appropriate and effective safeguards to secure future transfers of personal data across the Channel now.

Our Digital team is at your disposal to help you prepare yourself as well as possible.