The Advertising Association promotes the role and rights of responsible advertising and its value to people, society, businesses and the economy. We represent UK advertisers, agencies, media owners and tech companies on behalf of the entire industry, acting as the connection between industry professionals and the politicians and policy-makers.

A A A

The Advertising Association focuses on major industry and policy areas that have huge ramifications on UK advertising. This section contains our work around public health, gambling advertising, data and e-privacy, trust, the digital economy and more.

Credos is the advertising industry’s independent think tank. It produces research, evidence and reports into the impact and effectiveness of and public and political response to advertising on behalf of UK advertisers in order to enable the industry to make informed decisions.

Front Foot is our industry’s member network of over 90 businesses across UK advertising. It aims to promote the role of responsible advertising and its value to people, society and the economy through a coalition of senior leaders from advertisers, agencies and media owners.

We run a number of events throughout the year, from our annual LEAD summit to the Media Business Course and regular breakfast briefings for our members. We are also the official UK representative for the world’s biggest festival of creativity – Cannes Lions.

International Data Transfers

/ February 6th 2019
Brexit and Trade Policy News Data Protection, e-Privacy and Digital Information

The GDPR currently governs data processing within the EU and EEA and data can move freely between all members. Adequate data protection safeguards, as determined by the EU, are a prerequisite to any transfer of data non-member state, known as a ‘third country’. There are currently 13 third countries with adequacy or partial adequacy status.

Brexit and Data

Now that the UK has left the EU, it is defined as a third country under the GDPR. As highlighted earlier, personal data transfers to third countries are restricted unless one of the recognised legal bases to transfer the data internationally is established. The UK has already declared that it will transitionally recognise all EEA states, EU and EEA institutions, and Gibraltar as providing an adequate level of protection for personal data after exit.  In other words personal data can continue to flow to these destinations after Brexit, but the UK has made clear that this decision will remain under review.

The EU, however, still needs to conduct a data adequacy assessment for personal data to flow freely in the other direction i.e. from the EU/EEA to the UK. The EU has made a commitment in the Political Declaration to complete a data adequacy decision before the end of the transition period (31 December 2020). This assessment will happen in parallel to the negotiations of the future UK-EU trade agreement.

An EU data adequacy decision is by no means guaranteed and in the unlikely case that the UK does not get an EU data adequacy decision, UK organisations will need to ensure that their data processing meets the EU standards for third countries to continue the transfer. Binding Corporate Rules maybe appropriate for intra-Group transfers. Similarly, for UK organisations to receive data from third party EU organisations, then standard contractual clauses (SCCs) will be more appropriate. The ICO has an interactive tool for SMEs to decide whether SCCs can help you maintain the flow of data and how to choose, understand and complete the right one for your needs.

Further information on ensuring your data meets the standard for no-deal Brexit preparations can be found here. Again, if you have any specific questions we recommend you seek the advice of a legal adviser.