Schedule Meeting: Brexit Impact Assessment

Book a meeting with a member of the team by using the calendar to see if a Brexit Impact Assessment is the best fit for your organisation. We will take you through the step-by-step process and the benefits of a Brexit Impact Assessment. 

Please accept marketing cookies to schedule appointment.


The United Kingdom’s membership of the European Union ended on the 31st of January 2020. Immediately after this a transitional period commenced. This period is due to end on the 31st of December 2020. This means that on the 1st of January 2021, any personal data being shared with the UK by organisations in the remaining 30 states of the European Economic Area (27 Member states plus Norway, Iceland and Liechtenstein) will no longer have the protection that is integral to EU membership. Their data transfers will have the same status as data being sent to India, China, or Mexico. As such, EU organisations will need to consider the protection of that data to meet their GDPR Chapter V obligations.


What is a Brexit Impact Assessment (BIA)?

PrivacyEngine data protection consultants will assess your organisation to evaluate the flow of data to and from the UK. This will include an evaluation of each data exchange or processing activity involving UK-based entities, whether they are Controllers, Processors or sub-contractors.

After we have evaluated these data flows, we will review your organisation’s data management policies and procedures.

The EU Commission recently drafted long-awaited revisions to the Standard Contractual Clauses (SCCs) which will be an integral safeguard for EU data being transferred to a third country (including the UK). The four possible data transfer scenarios include:

  • EU Controller to Non-EU Controller
  • EU Controller to Non-EU Processor
  • EU Processor to Non-EU Processor
  • EU Processor to Non-EU Controller

Based on this evaluation, we will help you to determine the most suitable SCC module to match your data transfer arrangements and to tailor the contracts to suit your operational activities.

A typical BIA (as outlined) would require three FTE days.

Data Privacy PlatformTM is required for the implementation of a BIA. 

Why your organisation needs a Brexit Impact Assessment (BIA) and why it is important?

  • Be fully prepared for the upcoming changes that Brexit will bring to data protection obligations
  • Ensure your organisation’s flow of data is compliant under the new UK GDPR regulations
  • Get a full review of your organisation’s existing contractual arrangements and the changes needed to adapt to the revised SCC templates
  • You will receive recommendations on changes to policies and data management protocols
  • Gain insight of additional security safeguards