Brexit

What we’ve been doing in preparation

We’re conscious that our customers and users may have questions around Brexit and so to try and help, we’ve created this page to provide some insight into what we’ve been doing, and are continuing to do, as we now transition through the UK’s departure from the EU and other European institutions.

Does Egress consider Brexit to be a risk?

We do not consider Brexit to be a risk to our business model or the continued delivery of our services to our customers and users.

The picture is in theory now a little clearer after the passing of the European Union (Withdrawal Agreement) Act in January 2020 as a result of which the UK left the EU at midnight CET on 31 January 2020 and entered the transition phase.

During this transition phase there is maintenance of the status quo in many respects.  The UK now continues to remain in the EU’s single market and customs union, but none of the decision making bodies.  We will now continue to monitor the steps and approach of the UK Government, the EU negotiators, and guidance from the Information Commissioner’s Office (ICO) and other European Data Protection Regulators over the coming months as we move towards the end of 2020.

We remain mindful of the potential for a return to concerns around a ‘no deal Brexit’ towards the end of 2020 depending on how the negotiations between the UK and the EU progress over the coming months.

What has Egress been doing to prepare for Brexit?

Since late-2018 we’ve been monitoring the discussions between the UK Government and the EU. In line with guidance from the Information Commissioner’s Office (ICO), we made preparations based on a ‘no deal Brexit’ during the uncertainty in 2019.

A key part of our preparations was to review our supplier contracts to make sure they contain legal mechanisms to comply with the requirements caused by a ‘no-deal Brexit’.

We also updated our privacy policies to refer to the UK territories as well as the EEA where this is relevant to the processing activities that we carry out in respect of personal data. You can see more on these at our Legal Hub here.

Does Egress use any sub-processors to process personal data outside of the UK?

Yes. You can find details of the sub-processors involved in delivering our services at www.egress.com/subcontractors. Some of these sub-processors may use data centres that are located outside of the UK (e.g. in either the United States or the EEA).

How will transfers of personal data between the UK and the EEA using Egress services be permitted post-Brexit?

As a result of the UK and EU now being in a transition phase during which a status quo will be maintained in many respects, there will be no noticeable impact on transfers of personal data in this way in the short term.

We remain mindful of the potential for a return to concerns around a ‘no deal Brexit’ towards the end of 2020 depending on how the negotiations between the UK and the EU progress over the coming months.

How will transfers of personal data between the EEA and the United States using Egress services be permitted post-Brexit?

We have updated our EU/US and Swiss/US Privacy Shield information and self-certification with the United States Department of Commerce in line with regulatory guidance. You can read more in our Service Privacy Policy here.

Our supplier contracts already contain mechanisms to lawfully permit transfers of personal data outside of the EEA to the US where required to deliver our services to our customers and users in accordance with our Service Privacy Policy here.

Is there anything I need to do with Egress to prepare for Brexit?

  1. If you entered into a subscription with us before 25th January 2019 and have not renewed onto our latest terms since then, then we ask that you sign a copy of our Brexit variation which is available here under Additional Service Terms. This simply amends the terms of your agreement with us to reflect that part of the service delivery currently does, and post-Brexit will continue to, take place in the UK (Brexit will mean that the UK will not be part of the EU, and potentially the EEA, and this variation simply refers to the UK separately to allow for this).
  2. If you’re an EEA/EU-based customer, or your use of our services includes the transfer of personal data from the EEA to the UK, then we also ask that you also sign our DPA which can be found here under Additional Service Terms. This ensures that we have signed the EU’s Standard Contract Clauses with you to lawfully permit these transfers post-Brexit.

View our legal hub

Click here