Your Brexit-Checklist regarding data protection

The following list is intended to help you identifying the measures your enterprise needs to take for complying with the new legal requirements after Brexit:

  • What personal data of your company are processed in the UK? 
  • What data of UK citizens are processed by you?
  • Is there a legal basis for each processing?
  • Is the UK listed as a new third country in your records of processing activities?
  • As to consents: Are those sufficiently recorded or does additional information on the new legal situation have to be submitted?
  • Do measures need to be taken to ensure an adequate level of data protection? Do you have sufficient information from your cooperation partners?
  • Do your data privacy policies (employees, website, customers) need to be adapted? Has the UK representative been listed?
  • Will affected persons be informed on the data being processed in the UK? Did you ensure that affected parties will be informed on the processing of data in the UK when initiating a request according to Art. 15 GDPR (right of access)?
  • Are data protection impact assessments to be updated or repeated with respect to the new legal situation?  


Autor: Dr. Karolin Nelles