The UK after the Brexit Transition Period

What we have done to prepare for UK’s departure from the EU and other European institutions.

The UK after the Brexit Transition Period

We’re conscious that our customers and users may still have questions around the impact of the expiry of the Brexit Transition period.  To try and help, we continue to update this page to provide some insight into what we have done to prepare for this and the UK’s departure from the EU and other European institutions.

Does Egress consider the expiry of the Brexit Transition Period to be a risk?

We do not consider the expiry of the Brexit Transition Period to be a risk to our business model or the continued delivery of our services to our customers and users.

Under the terms of the EU-UK Trade and Co-operation Agreement (as adopted into UK law by the European Union (Future Relationship) Act 2020), data flows are permitted to continue from the EU and EEA states to the UK without additional safeguards for a period of up to 6 months from 1 January 2021, effectively maintaining the position on transfers that applied during the Brexit transition period.

We are conscious that there are both steps that can be taken by the UK Government, or measures that could be approved by the European Commission, that may impact on this permission, and so we will keep this under review. 

What has Egress been doing to prepare for moving on after the Brexit transition period?

Since late-2018 we have been monitoring the discussions between the UK Government and the EU.

A key part of our preparations involved reviewing our supplier contracts to make sure they contain legal mechanisms to comply with the requirements caused by the UK’s departure from the EU and other European institutions.

We also updated our privacy policies to refer to the UK territories as well as the EEA where this is relevant to the processing activities that we carry out in respect of personal data. You can see more on these at our Legal Hub here.

We have also made resources available on our Legal Hub to enable customers to ensure that they have the appropriate terms in place with us through signature of our Data Processing Addendum.

Does Egress use any sub-processors to process personal data outside of the UK and/or the EU/EEA?

Yes. You can find details of the sub-processors involved in delivering our services at www.egress.com/subcontractors. Some of these sub-processors may use data centres that are located outside of the UK (e.g. in either the United States or the EU/EEA).

How will transfers of personal data between the EU/EEA and the UK using Egress services be permitted post-Brexit?

Under the terms of the EU-UK Trade and Co-operation Agreement (as adopted into UK law by the European Union (Future Relationship) Act 2020), data flows are permitted to continue from the EU and EEA states to the UK without additional safeguards for a period of up to 6 months from 1 January 2021, effectively maintaining the position on transfers that applied during the Brexit transition period.

We are conscious that there are both steps that can be taken by the UK Government, or measures that could be approved by the European Commission, that may impact on this permission, and so we will keep this under review.

Data is also permitted to flow from the UK to the EU/EEA and to countries which, as at 31 December 2020, were covered by a European Commission adequacy decision.

How will transfers of personal data between the EU/EEA and the United States using Egress services be permitted post-Brexit?

We updated our EU-U.S. and Swiss-U.S. Privacy Shield information and self-certification with the United States Department of Commerce in line with regulatory guidance. Whilst the Court of Justice of the European Union (CJEU) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) ruled the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks invalid in the summer of 2020, we remain committed to the Privacy Shield Principles.  In recognition of our continued commitment, in October 2020 we self-certified with the International Privacy Verification programme (IPV). The IPV’s assessment criteria are aligned with those of the Privacy Shield and therefore by certifying with the IPV we are able to continue to demonstrate our compliance with the core Privacy Shield Principles in relation to the protection of personal data transferred outside of the UK and EU.  You can read more in our Service Privacy Policy here

Our supplier contracts already contain mechanisms to lawfully permit transfers of personal data outside of the EEA to the US where required to deliver our services to our customers and users in accordance with our Service Privacy Policy here.  You can find details of these at www.egress.com/subcontractors.

Is there anything I need to do with Egress following expiry of the Brexit transition period?

If you are an EEA/EU-based customer, or your use of our services includes the transfer of personal data from the EU/EEA to the UK, then please make sure that you have signed our DPA which can be found here. This ensures that we have the right terms in place to meet the requirements of data privacy laws and we have both signed the EU’s Standard Contract Clauses to lawfully permit transfers outside of the EEA/EU through your use of our services as the UK moves forwards.

 

View our legal hub

Click here