Yes, but there will be a difference between a deal scenario and a no-deal scenario. The difference between the two scenarios will be explained below.


In order to identify whether and how Brexit will impact processing activities in your company, there are several questions that should be asked.


In case of a no-deal Brexit, the UK will become a third country within the meaning of the GDPR. This would mean that, as of the withdrawal date, any transfer of personal data to the UK would have to be based on one of the transfer mechanisms listed in Chapter V of the GDPR.


Even if the UK does not provide an adequate level of protection of personal data as required by the GDPR, a transfer of personal data to the UK will still be possible if you choose and implement one of the available personal data transfer mechanisms.


The changes that you may have to make following Brexit will need to be reflected in your privacy policy/information notice towards data subjects, and in your internal policies and your GDPR-related documents.


Brexit may have an impact on which supervisory data protection authority is competent for one or more of your data processing activities. After Brexit this will depend on whether you perform cross-border processing, and where you are established.