International Data Transfers

Comply with the GDPR after Brexit

The UK will leave the EU by the end of 2020. This will affect how you manage international data transfers and store data. You must also be aware of the enormous penalties for failing to be compliant and most importantly, how you can ensure you don’t fall foul of the GDPR & Brexit conundrum. Let us show you how:

Ensure GDPR Compliant International Data Transfers

Pridatect prevents you being hit with huge fines

Ensure processes are up to date with latest data protection laws

It can be difficult to stay up to date with regional regulations, GDPR vs UK GDPR for example.

Brexit has already brought changes, with more to come

Changing laws mean changing the way data is stored, compliance requirements are shifting.

We are your EU representative

You might need to appoint an EU representative if your company is based in the UK but conducts business with the EU.

How to stay compliant with GDPR and data protection regulations after Brexit

Comply with UK and EU data privacy regulations

GDPR is European legislation, and as such, will mean that once the transition period is over, the UK will no longer be under any obligation to abide by GDPR.


However, the UK intends to incorporate GDPR into UK law, and if this is the case, UK companies will have to be compliant with GDPR albeit a slightly different version, because GDPR will be working in conjunction with the DPA 2018, the UK’s existing data protection law.

If you operate in the UK, you will still need to comply with the UK data protection law. And if you operate in Europe, offer goods or services to individuals in Europe, or monitor individuals behaviour in Europe the EU version of the GDPR still applies to you.


Upon leaving the EU, the UK will be given third country status. This meant that in 2018 the created the DPA as those with third country status are not under the remit of GDPR and so have to have their own stringent data protection laws.

Should a UK based company do business with any company or customer in the EEA, both parties must adhere to GDPR, regardless of the fact the former is based outside the EEA.

Manage international data transfers easily with Pridatect

Personalized advice from legal experts

We are your EU representative

If you have no offices or branches in the EU, but you are offering goods or services to individuals in the EU or monitor behaviour of European individuals, you will have to appoint a EU representative to stay GDPR compliant.


We function as your EU representative as part of our GDPR service package. That means, we act on your behalf regarding your EU GDPR compliance, and we deal with any supervisory authorities or data subjects in this respect.


You can trust in our international legal team of data protection specialists to comply with the GDPR and various other European data privacy regulations.

Frequently Asked Questions

International data transfers in front of the GDPR are transfers of data outside of the European Economic Area (EEA) and thus outside of the protection of the GDPR. 

These type of transfers are restricted under the GDPR, no matter the size of the transfer or how often it occurs.

Transfers of data to the UK will after the Brexit also count as international data transfers, if the UK becomes a third country under the GDPR.

The UK will most likely become a third country after brexit. Therefore any transfer in and out of the UK has to be carefully considered. If data is being transferred outside of the UK, the transfer has to comply with UK data protection regulations. All data transfers from the EU into the UK have to comply with the GDPR. UK companies that are treating personal data from the EU and do not have a EU office, will need to appoint a European representative.

Transfers of data outside of the European Economic Area (EEA) are restricted under the GDPR. Personal data transfers in countries outside of Europe is only permitted in certain cases:

  • Under an Adequacy Decision, which the EU and UK are currently negotiating. Between the EU and US exists an adequacy decision, the EU-US Privacy Shield, which allows private data transfers from the EU to US companies which are certified under the Privacy Shield. 
  • If contractual terms are ensuring an adequate level of protection, which have been approved by the European Commission. Or if a by the European Commission approved code of conduct is in place.
  • International data transfers that are made under BCRs (Binding Corporate Rules) according to the procedure defined by the GDPR.
  • There are some exemptions defined for non-reoccurring transfers as defined in Article 49, GDPR.

Get started today

Find out how Pridatect can help you to take control of your data protection.

Do you have any questions? Get in touch with our sales team.

☏ +1 929-380-2200 | Monday to Friday from 8:00 to 17:00 GMT