Event report T.I.C. - Informatique

GDPR, Brexit & Cybersecurity: how to secure your data transfers post-Brexit

The transition period for personal data transfers from the EU to the UK will end on 30 June 2021. After that, the UK will be subject to GDPR restrictions as a "third country". Nicholas Cullen, Partner at Altij Law Firm, and Violetta Janciuke, IT Security Senior Consultant at U-Need UK, shared an overview of the current situation, the next steps, and some key points for businesses to monitor in order to remain compliant.


  • An adequacy decision in favour of the UK remains a probable outcome at this stage but is not certain and is subject to future legal challenges and/or review by the Commission.
  • Companies transferring personal data to the UK should therefore anticipate a possible requirement to put in place GDPR safeguards, in particular standard clauses, by:
    • identifying the data recipients the UK
    • agreeing in principle to implement the appropriate legal mechanisms
    • considering what additional technical measures may be necessary, both as a matter of compliance and cybersecurity best practice
  • Legal words and agreements alone cannot ensure data protection. It is crucial to implement the correct security controls with the right IT tools and effective processes to protect the personal data entrusted to your organisations, considering: 
    • Minimising the amount of personal data to be transferred to the UK with anonymisation, pseudonymisation and secure multi party computation
    • Encrypting data at all stages of the data transfer
    • Ensuring only authorised persons access the appropriate data, and do so securely. Implement logging and monitoring solutions for auditing internal processing of personal data.


Download the slides

Watch the recording

U-Need UK is a cybersecurity consultancy company. U-Need aims to provide an end to end cybersecurity service, to support its clients in managing all the risks and in maintaining the right level of protection of your IS. U-Need’s capabilities include data protection and encryption, identity access management, SOC & SIEM deployment, security cloud architecture and deployment, risk analysis and pentesting

Share this page Share on FacebookShare on TwitterShare on Linkedin