Skip to main content

We are working to bring Devices, IT services and applications back as quickly and safely as possible. Some services are unavailable at the moment. Read about how to restore your device safely.

New rules around Data Protection for Brexit

Information HSE managers need about the transfer of personal data to UK companies from 31 December 2020.

Published: 6 October 2020

Updated: 19 January 2021

The UK has left the EU. The transition period ended on 31 December 2020.

Recent negotiations resulted in the EU-UK Trade and Cooperation Agreement. This agreement is shortly due to be ratified by both parties.

Sharing Data with the United Kingdom

This EU-UK Trade and Cooperation Agreement means the HSE can continue, for the duration of a specified period (four to six months from 1 January 2021), to transfer personal data to the UK for processing and storage.

During this period there is no requirement for HSE managers to sign an EU Standard Contractual Clauses with UK-based suppliers.

So if a UK company you work with transfers, processes, stores or accesses personal data you do not need to require them to sign an EU Standard Contractual Clause document.

The EU-UK Agreement contains provisions which mean that, for the duration of the specified period, (four to six months from 1 January 2021) transmission of personal data from the Union to the United Kingdom shall not be considered as a transfer to a third country under Union law.

The parties have also agreed a declaration on the Adoption of Adequacy Decisions with Respect to the United Kingdom which sets out the European Commission’s intention to promptly launch the procedure for the adoption of adequacy decisions with respect to the UK under the General Data Protection Regulation and the Law Enforcement Directive.

Read the text of the EU-UK Agreement on Trade & Co-operation here.

Data Protection Commission – Frequently Asked Questions on Data Protection and Brexit

European Data Protection Board statement

Information note from the European Data Protection Board

For more information about this topic or if you have questions, or concerns e-mail the HSE Data Protection Officer at 


Related Content

  • Commission Decision of 5 February 2010
    Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (notified under document C(2010) 593)Text with EEA relevance
  • Brexit gdpr letter pdf file
    pdf of brexit supplier letter
  • Brexit gdpr letter template word file
    Using this template, contact each company asking that they complete and sign the EU Contractual Clauses Agreement.