The United Kingdom has now left the European Union and is within the transition period laid out within the European Union (Withdrawal Agreement) Act 2020. Over the past year, Exclaimer has been busy preparing for this eventuality, to primarily ensure that all existing data protection laws continue to be adhered to.
Exclaimer would like to reassure our customers that this event does not affect our ability to deliver our service, operate our solutions or affect our ability to comply with country specific data protection laws, such as the GDPR in any way. Our very rigorous ISO 27001 Certification backs up our very stringent and focused view on Data Security.
The GDPR permits transfers of personal data outside of the European Economic Area only if the country to which the personal data is transferred to has an adequacy decision made in respect of it, if appropriate safeguards are in place, or where one of the derogations in article 49 of the GDPR applies.
If you are one of our customers based in the EU, our email signature services are already provided via two data centers within the EU and so there will be no international transfer at this point. However, there may be situations where your employees need to email Exclaimer in the UK in connection with the services (such as raising a support ticket) – these emails may contain the employee’s name, telephone number, job title etc. Exclaimer have consulted specialists in this regard to give peace of mind to our customers. Our position is that where emails are exchanged between the UK and the EU which constitute an international transfer of personal data, our customers will be able to rely on the derogation set out in article 49.1(b) of the GDPR.
This derogation provides that the transfer will be permitted where it is required for the performance of a contract between the data subject and the controller i.e. the contract in question is the employee’s employment contract and the email exchanges are required for the employee to perform their employment role for the business.
On this basis, the transfer to Exclaimer in the UK will be lawful. Exclaimer will then have responsibility for that personal data when it receives it.
If you have any further questions about GDPR compliance, please liaise with your Exclaimer representative or email [email protected]