Information for EEA based organisations transferring personal data to the FRC
The UK left the EU on 31 January 2020 and is now in the ‘transition’ period. During this period, the GDPR will continue to apply. It is anticipated that, at the end of that period, the provisions of the GDPR will be incorporated into UK law and will sit alongside the Data Protection Act 2018.
Negotiations are due to take place between the UK and the European Commission during the transition period, where further arrangements are likely to be needed in order to ensure that data can continue to flow between the UK and Europe. In particular, until the European Commission issues a decision regarding the UK’s data adequacy, it is anticipated that all EEA based organisations will need to implement “appropriate safeguards” before transferring personal data to the FRC.
We are keen to assist EEA organisations (such as our fellow Statutory Audit competent authorities and firms wishing to register with us as a Third Country Auditor) with their compliance efforts so as to facilitate, as far as possible, the continuing smooth transfer of personal data to the FRC.
To this end, we make the following commitments:
- We have signed a copy of the European Commission approved controller to controller standard contractual clauses (Model Clauses) (PDF) and have populated Annex B of the same to capture the main types of scenario in which EEA based organisations transfer personal data to the FRC. Signing these clauses as “data exporter” provides you with a GDPR compliant appropriate safeguard for continuing to share personal data with us.
- If you would like to rely on Model Clauses but are unable to sign the above mentioned copy (e.g. because Annex B does not adequately describe the circumstances of your transfer), please send your proposed Model Clauses to email@example.com.
- If you intend to rely on an alternative safeguard to transfer personal data to the FRC and you need our signature (e.g. on an administrative arrangement or on clauses approved by the data protection supervisory authority in your country) or would like to discuss this matter further, please contact firstname.lastname@example.org.
The FRC complies, and will continue to comply, with the requirements of the General Data Protection Regulation 2016/679 and the Data Protection Act 2018.
All personal data provided to us will be handled as explained on the privacy pages of this website.