Skip to content
Guidance · EDPB ·on-the-end-of-the-brexit-transition-period EN LLM context A cited markdown file you can paste into your AI assistant (ChatGPT, Claude, a RAG or project knowledge base) to ground it in this document. Contains: this document’s text, its sections with their topics, and the full text of every law provision it applies. Everything links back to its source on overview.legal — legal information, not advice.

Statement on the end of the Brexit transition period

Summary

1 A dopted Statement on the end of the Brexit transition period Adopted on 15 December 2020 The European Data Protection Board has adopted the following statement: - The EDPB wishes to remind all stakeholders that the transition period for the United Kingdom’s withdrawal from the European Union will end on 31 December 2020. This means that as of 1 January 2021, the UK will no longer apply the GDPR to the processing of personal data and a separa te legal framework regarding data protection and…

How it connects

Full text

1 A dopted Statement on the end of the Brexit transition period Adopted on 15 December 2020 The European Data Protection Board has adopted the following statement: - The EDPB wishes to remind all stakeholders that the transition period for the United Kingdom’s withdrawal from the European Union will end on 31 December 2020. This means that as of 1 January 2021, the UK will no longer apply the GDPR to the processing of personal data and a separa te legal framework regarding data protection and privacy will be in force in the UK. - The EDPB recalls that, as a consequence, any exchange of personal data between EEA stakeholders and UK entities will constitute a transfer of personal data to a third coun try and therefore will be subject to the provisions of Chapter V GDPR. In the absence of an adequacy decision applicable to the UK as per Article 45 GDPR, such transfer will require appropriate safeguards as well as enforceable data subject rights and effe ctive legal remedies for data subjects, in accordance with Article 46 GDPR . Subject to specific conditions, it may still be possible to transfer personal data to the UK based on a derogation listed in Article 49 GDPR; however, Article 49 GDPR has an exceptional nature and the derogations it contains must be interpreted restrictiv ely and mainly relate to processing activities that are occasional and non - repetitive. Specific guidance can be found on the EDPB website ( https://edpb.europa.eu/our - work - tools/our - documents/other/information - note - data - transfers - under - gdpr - united - kingdom - after_en ) . - The EDPB wishes to also recall the consequences regarding the regulatory oversight over ongoing cross - bo rder processing and related complaints, for which the GDPR foresees the One - Stop - Shop (OSS) mechanism. The OSS mechanism envisages that there is one supervisory authority (SA) competent for cross - border processing cases, being the SA of the controller’s or processor’s main or single establishment in the EEA (the lead supervisory authority), in pursuance of the GDPR. - As of 1 January 2021, the OSS mechanism will no longer apply to the UK so that the UK Information Commissioner’s Office (ICO) will no longer be part of it. The EDPB has been liaising with the ICO over the past months in order to enable a smooth shift to this new situation by ensuring that the EEA authorities follow a shared and efficient approach in handling the existing complaints and cross - bord er cases involving the ICO, whilst minimizing delays and possible inconveniences to affected complainants. 2 A dopted - The EDPB wishes to emphasize that the decision to benefit from the unified interlocution (the lead supervisory authority) enabled by the OSS mechanis m in cross - border processing cases is up to the individual controllers and processors, who to that end may decide whether to set up a new main establishment in the EEA under the terms of Article 4(16) GDPR following the end of the transition period. - The ED PB recalls in this respect that controllers and processors not established in the EEA but whose processing activities are subject to the application of the GDPR under Article 3(2) GDPR are required to designate a representative in the Union in accordance w ith Article 27 of the GDPR. The representative may be addressed by supervisory authorities and data subjects on all issues related to processing activities in order to ensure compliance with the GDPR. For the European Data Protection Board The Chair (Andrea Jelinek)

Similar Content