New rules on data protection

The UK has now left the EU

From the end of the transition period on 1 January 2021, UK organisations that process personal information of EU residents may need to:

  • Appoint an EU representative.
  • Identify a Lead Supervisory Authority in the EU.
  • Update contracts governing EU-UK data transfers to incorporate Standard Contractual Clauses.
  • Update policies, procedures and documentation in light of those changes.

Failure to comply can result in fines of up to €10 million or 2% of annual global turnover – whichever is greater - and suspension of data processing activities.

The transition period will end in:


Make sure you're ready. Here's what you need to do.

Brexit is coming and with it a number of changes to the way organisations need to deal with personal data.

You can use our checklist to track some of the headline issues and resolve them before you find yourself at odds with the law.

See what actions your organisation needs to take to ensure your data remains safe and compliant. 

Download now

Ensure your transition runs smoothly

IT Governance can help you easily transition your current policies and procedures in line with new legislation whilst minimising business disruption. Our data privacy experts will guide you step by step to ensuring you remain compliant.

UK GDPR and DPA 2018 after Brexit Training Course

Delivered by an experienced data privacy consultant,  this half-day training course will give you an overview of the key changes to GDPR and DPA 2018 after Brexit.

Find out the practical implications and what it means for your business. 

Learn more

UK GDPR and DPA 2018 Data Protection Assessment

Assess your organisation’s data protection preparations following Brexit and identify any gaps with this two-day GDPR and DPA 2018 assessment.

Get a one-to-one review of your organisational processes and documentation

Learn more

GDPR EU Representative Service

Appoint an EU Representative to legally handle all matters relating to your organisation’s data. 

This fast, efficient and affordable service will enable you to meet your Article 27 obligations.

The EU Representative Service is delivered by data privacy lawyers and experts with vast GDPR compliance expertise. 

Learn more

EU-US Data Transfer Assessment and Action Plan 

Establish your level of compliance related to the location and lawfulness of your data processing with a practical, step-by-step. action plan.

This service will help you remain compliant with the GDPR when transferring personal data outside of the EU following the Schrems II privacy ruling.  

Learn more

Need more information?

I’m a UK organisation but I would like some more advice

Speak to a data privacy expert

I’m an EU organisation, what do I need to know? 

Find out more

I'm a US organisation, what do I need to know?

Find out more

Key resources

This website uses cookies. View our cookie policy
WIN £100