# Statement on the end of the Brexit transition period - update 13/01/2021

- Type: Guidance
- Source: EDPB
- Identifier: statement-on-the-end-of-the-brexit-transition-period-update-13012021-en
- Date: 2021-01-13
- Original: https://www.edpb.europa.eu/documents/statement/statement-on-the-end-of-the-brexit-transition-period-update-13012021_en
- Canonical: https://overview.legal/posts/126085
- Topics: Representatives, Processors, Supervisory Authorities, Supervision, Entry Into Force, Personal Data, Processing, Controllers

## Summary

1 Statement on the withdrawal of the United Kingdom from the European Union Adopted on 15 December 2020 Updated on 13 January 2021 The European Data Protection Board has adopted the following statement: - The EDPB wishes to remind all stakeholders that the United Kingdom’s withdrawal from the European Union took effect on 1 January 2021, when the UK ceased , for all intents and purposes , to be a Member State of the EU. - However, the EU and UK reached an agreement (the ‘ EU - UK Trade and…

## Full text

1 Statement on the withdrawal of the United Kingdom from the European Union Adopted on 15 December 2020 Updated on 13 January 2021 The European Data Protection Board has adopted the following statement: - The EDPB wishes to remind all stakeholders that the United Kingdom’s withdrawal from the European Union took effect on 1 January 2021, when the UK ceased , for all intents and purposes , to be a Member State of the EU. - However, the EU and UK reached an agreement (the ‘ EU - UK Trade and Cooperation Agreement ’ or the ‘ Agreement ’ ) on 24 December 2020 1 , which provisionally came into force on 1 January 2021 until 28 February 2021 pending ratification by the European Parliament and the Council of the EU. The Agreement provides that, for a maximum period of six months from its entry into force – i.e., until 30 June 2021 at the latest - and upon the condition that the UK’s current data protection regime stays in place, all data flows of personal data between stakeholders subject to GDPR and UK organisations will not be considered as transfers to a third country. - This means that organisations subject to GDPR will be able to carry on transmitting data to UK organisations without the ne ed to either put in place a transfer tool under Article 46 GDPR or rely on an Article 49 GDPR derogation. Specific guidance can be found on the EDPB website ( https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_informationnote_20201215_trans ferstoukaftertransitionperiod_updated20210113_en.pdf ) . - The EDPB wishes to also recall the consequences regardi ng the regulatory oversight over ongoing cross - border processing and related complaints, for which the GDPR foresees the One - Stop - Shop (OSS) mechanism. The OSS mechanism envisages that there is one supervisory authority (SA) competent for cross - border proc essing cases, being the SA of the controller’s or processor’s main or single establishment in the EEA (the lead supervisory authority), in pursuance of the GDPR. 1 The Agreement was signed on 30 December 2020. 2 adopted - As of 1 January 2021, the OSS mechanism is no longer applicable to the UK so that the UK Infor mation Commissioner’s Office (ICO) is no longer part of it. The EDPB has been liaising with the ICO over the past months in order to enable a smooth shift to this new situation by ensuring that the EEA authorities follow a shared and efficient approach in handling the existing complaints and cross - border cases involving the ICO, whilst minimizing delays and possible inconveniences to affected complainants. - The EDPB wishes to emphasize that the decision to benefit from the unified interlocution (the lead supervisory authority) enabled by the OSS mechanism in cross - border processing cases is up to the individual controllers and processors, who to that end may decide whether to set up a new main establishment in the EEA under the terms of Article 4(16) GDPR. - The EDPB recalls in this respect that controllers and processors not established in the EEA but whose processing activities are subject to the application of the GDPR under Article 3(2) GDPR are required to designate a representative in the Union in accor dance with Article 27 of the GDPR. The representative may be addressed by supervisory authorities and data subjects on all issues related to processing activities in order to ensure compliance with the GDPR. For the European Data Protection Board The Chai r (Andrea Jelinek)

---
Generated by overview.legal · https://overview.legal/posts/126085 · 2026-07-17
