Trial Today Get in touch
close

Preparations for Brexit

We’re conscious that our customers and users may have questions around Brexit and so to try and help, we’ve created this page to provide some insight into what we’ve been doing, and are continuing to do, as we move towards the UK’s potential departure from the EU and other European institutions.

Does Egress consider Brexit to be a risk?

We do not consider Brexit to be a risk to our business model or the continued delivery of our services to our customers and users.

The picture is in theory now a little clearer after the recent General Election as the Conservatives, who have openly backed Brexit, now have a significant majority in Parliament. This aside, we will continue to monitor the steps and approach of the UK Government, the EU negotiators, and guidance from the Information Commissioner’s Office (ICO) and other European Data Protection Regulators over the next 5-6 weeks as we move towards the current exit date of 31 January 2020.

It is now expected that the UK Government will look to pass the Withdrawal Agreement Bill into UK national law before 31 January 2020. Presuming this occurs and the EU Parliament also consents to this Agreement, then we will enter a transition/implementation period during which the status quo will be maintained.

We remain mindful of the potential for a return to the ‘no deal Brexit’ concerns towards the end of 2020 depending on how the negotiations between the UK and the EU progress over the coming months.

What has Egress been doing to prepare for Brexit?

Since late-2018 we’ve been monitoring the discussions between the UK Government and the EU. In line with guidance from the Information Commissioner’s Office (ICO), we’ve been making preparations based on a ‘no deal Brexit’.

A key part of our preparations has been to review our supplier contracts to make sure they contain legal mechanisms to comply with the requirements caused by a ‘no-deal Brexit’.

We have also updated our privacy policies to refer to the UK territories as well as the EEA where this is relevant to the processing activities that we carry out in respect of personal data. You can see more on these at our Legal Hub here.

Does Egress use any sub-processors to process personal data outside of the UK?

Yes. You can find details of the sub-processors involved in delivering our services at www.egress.com/subcontractors. Some of these sub-processors may use data centres that are located outside of the UK (e.g. in either the United States or the EEA).

How will transfers of personal data between the UK and the EEA using Egress services be permitted post-Brexit?

It is now expected that the UK Government will look to pass the Withdrawal Agreement Bill into UK national law before 31 January 2020. Presuming this occurs and the EU Parliament also consents to this Agreement, then we will enter a transition/implementation period. During this the current status quo will be maintained and so, in the very short term, there will be no noticeable impact on transfers of personal data in this way.

We remain mindful of the potential for a return to the ‘no deal Brexit’ concerns towards the end of 2020 depending on how the negotiations between the UK and the EU progress over the coming months.

How will transfers of personal data between the EEA and the United States using Egress services be permitted post-Brexit?

We have updated our EU/US and Swiss/US Privacy Shield information and self-certification with the United States Department of Commerce in line with regulatory guidance. You can read more in our Service Privacy Policy here.

Our supplier contracts already contain mechanisms to lawfully permit transfers of personal data outside of the EEA to the US where required to deliver our services to our customers and users in accordance with our Service Privacy Policy here.

Is there anything I need to do with Egress to prepare for Brexit?

  1. If you entered into a subscription with us before 25th January 2019 then we ask that you sign a copy of our Brexit variation which is available here under Additional Service Terms. This simply amends the terms of your agreement with us to reflect that part of the service delivery currently does, and post-Brexit will continue to, take place in the UK (Brexit will mean that the UK will not be part of the EU, and potentially the EEA, and this variation simply refers to the UK separately to allow for this).
  2. If you’re an EEA/EU-based customer, or your use of our services includes the transfer of personal data from the EEA to the UK, then we also ask that you also sign our DPA which can be found here under Additional Service Terms. This ensures that we have signed the EU’s Standard Contract Clauses with you to lawfully permit these transfers post-Brexit.
footer_cesg_2018_258x100 footer_skyhigh_89x100 NATO Common Criteria footer_bsi_iso_178x100