How will it affect our clients?
When the UK leaves the EU, there are likely to be some Data Protection implications.
It is anticipated that if a deal is agreed, the existing arrangements will remain in place during the transition period. Data transfers will be unaffected until the end of that period, by which time a new arrangement should be in place.
If a deal is not agreed, the UK Information Commissioner has stated that the transfer of data to the EU from the UK will still be permitted. However, the transfer of data from the EU to the UK will be subject to the GDPR requirements for transfers to countries outside the EU.
Currently we use AWS hosting based in Ireland and Germany. As the UK will be outside the EU at that point, client data would then be classed as being transferred to/from a country that is outside the EU.
We have investigated the feasibility of moving hosting to the UK. However, we believe that in the event of the UK leaving without a deal, the demand for such resources would be considerable and the cost and logistics implications are likely to be prohibitive.
The ICO has stated that data can still be transferred from the EU provided relevant contracts include the standard clauses as defined in the GDPR.
As a result, our current stance is that in the event of a no-deal exit we will retain hosting in the EU, at least in the short-term, and we will be issuing revised Data Processing Addendums to all clients which will include the standard terms as required by GDPR.
