Brexi has brought with it a number of challenges to those in the UK processing the personal data of those resident not within the UK but within the EU or those organisations in the EU/EEA processing personal data of those within the UK.
You will need to:
i. appoint an EU representative within the EU (and ideally in the state in which most of your processing takes place) in order that individuals may exercise their rights and freedoms;
ii. identify a particular country’s lead supervisory authority (the UK’s equivalent to the ICO) and check if they have additional requirements and different guidance as to breach reporting, SARs etc., than our ICO
iii. review all documentation including Binding Corporate Rules, Standard contract terms, contracts generally, and privacy notices to ensure that they reflect the changes that need to be made in order to become compliant post Brexit.
It is vital for Chambers involved in processing personal data for international data subjects and involved in international transfers of data to fully investigate the implications and repercussions of Brexit and the judgement in the case of the Schrems II. Going forward they must ensure that they keep abreast of any further developments following on from the changes brought about at the end of 2020.