The United Kingdom of Great Britain & Northern Ireland (UK) formally left the European Union (EU) on 31 January 2020. This act was recognised by the UK’s the European Union (Withdrawal Agreement) Act 2020 and the EU’s The Withdrawal Agreement.
Since Cloudalize has a UK-based data centre, we want to inform our customers in the EU and the European Economic Area (EEA)* what this means for data transfers and continued operations.
*The EEA is comprised of 3 member states: Iceland, Liechtenstein and Norway.
Since 2016, successive British governments have passed special legislation which specifically concern UK-EU data transfers:
- Section 3 of the European Union (Withdrawal) Act 2018 (EUWA) absorbed the General Data Protection Regulation (GDPR) into British law immediately after withdrawal from the European Union.
- Data Protection Act 2018 (DPA), complements GDPR and goes further by means of including national security and the Information Commissioner Office (ICO), the British data protection agency, into British legislation.
These acts extend to the whole of the United Kingdom of Great Britain and Northern Ireland.
On 24 April 2021, the European Parliament ratified the UK-EU Trade and Cooperation Agreement (TCA) published on 24 December 2020. This guarantees the UK as being “data adequate” under GDPR and the Law Enforcement Directive until the formal process for data adequacy – announced on 19 February 2021 – is finalised.
The TCA guarantees that data transfer can continue unimpeded from Cloudalize’s UK-based data centre to Cloudalize customers within the EU and EEA.
Cloudalize customers in the Faroe Islands, the Channel Islands, the Isle of Man, Israel and Switzerland will continue to have the same rights and privileges in data protection legislation as before. These rights are guaranteed by EU, UK and national or regional legislation in the respective territories.
If you require further information on the subject of the UK’s withdrawal from the EU, Cloudalize has a list of resources in the bibliography below or alternatively, you can contact Cloudalize’s Data Protection Officer at dpo[at]cloudalize.com.
Note: The information contained on this page was correct on the date of publication, 15 November 2019. Updated on 26 April 2021.
- Her Majesty’s Stationery Office and Queen’s Printer (2018) European Union (Withdrawal) Act 2018 Available here
- Her Majesty’s Stationery Office and Queen’s Printer (2018) Data Protection Act 2018 Available here
- Her Majesty’s Stationery Office and Queen’s Printer (2020) European Union (Withdrawal Agreement) Act 2020 Available here
- Her Majesty’s Stationery Office and Queen’s Printer (2020) European Union (Future Relationship) Act 2020 Available here
- European Commission (2021) Data protection: European Commission launches process on personal data flows to UK [Press Release]. 19 February 2021 Available at: Data protection: draft UK adequacy decision (europa.eu) (Accessed: 20 February 2021).
- British Government (2020) Using personal data in your business or other organisation Available here
- British Government (2021) Brexit: new rules are here Available here
- UK Information Commissioner’s Office (2019) International data transfers Available here
- UK Information Commissioner’s Office (2019) Guide to Data Protection Available here
- Publications Office of the EU (2019) Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community Available here
- European Commission (2020) EU-UK Trade and Cooperation Agreement: protecting European interests, ensuring fair competition, and continued cooperation in areas of mutual interest Available here
- European Commission (2020) The EU-UK Trade and Cooperation Agreement Available here