If you are a UK business processing EU personal data you need to act now.

On the 1st January 2021 it is almost certain that your current processing activities will not be GDPR compliant.

Not sure why? Read our blog here Why the UK may not get a GDPR adequacy ruling and what that really means.

As part of the BREXIT GDPR Audit service we will:

  1. Assess your current transfers to find out where your risks are
  2. Document what actions are available to legalise your processing
  3. Work with you to implement any changes required

The service works in 3 stages, stages 1 and 2 are a fixed price based on your business profile. We quote for stage 3 after completing stage 2 and you can decide whether you wish to commission us for any or all of the work – no obligation.

What you get at each stage


  1. Audit and catalogue of where your business processes EU personal data
  2. Review of the current legal mechanisms in place (including SCC’s, BCR’s, and derogations)
  3. Document the likely risks and issues with EU personal data transfers post Brexit
  4. Provide a full report

Actions Required

In consideration of the types of EU personal data being processed and the agreements and lawful basis they are being processed under, GDPR Auditing will provide recommendations on how to process the EU data legally where possible (see CAUTION below).

CAUTION: You should not underestimate the impact of BREXIT. The processing of EU personal data is going to become much more difficult. An easy or cheap solution may not be available to all businesses. Options may not always enable legal personal data transfers to the UK from Europe. Actions required do not exclude stopping processing 


It is almost certain that some action, actions or combination of actions will be necessary in order to legalise the processing of EU personal data.

The implementation service includes but is not limited to:

  1. Revising Privacy Policies
  2. Designing and implementing new technology and security solutions
  3. Reworking Standard Contractual Clauses
  4. Validating derogations for certain types of transfers
  5. Writing EU – UK data processing statements
  6. Sourcing a suitable EU representative
  7. Sourcing and contracting other EU based services and suppliers
  8. Data cleansing
  9. Creation of a data processing holding page

Contact Us

If you would like to know more about how GDPR Auditing can help your organisation with Privacy Shield, GDPR or PCI-DSS then please contact us at or visit our contacts page.

The information provided on this page is for general information only and is not intended to provide legal advice.