Department for Exiting the European Union External and Stakeholder Contacts Privacy Notice

This privacy notice explains how the Department for Exiting the European Union will process personal data for external and stakeholder contacts


Personal Information Charter


Privacy notices explain in more detail how the Department will handle your data in specific circumstances. The purpose for which we are processing personal data is to allow external contacts and stakeholders to be contacted, and have information shared where applicable.

This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).


The purpose for which we are processing your personal data is so that we can communicate with you.

The personal information is processed for the purpose of making contact with individuals for the following business purposes:

  • making contact with suppliers about services actually or prospectively provided by them (for example, personal information about contact persons at suppliers we use, or about suppliers we may choose to use for occasional tasks).
  • making contact with individuals to inform them, or seek their views, about departmental policies or proposals, outside of a formal consultation process (for example, contact details for people in charities or representative bodies).
  • making contact with customers or clients about services or information provided to them by the Department.
  • making contact with officials in other departments or public bodies (including other governments) to discuss policy proposals or development, communications activity, or operational matters.

The data

We will process the following personal data when we communicate with you:

  • name
  • email address
  • date of birth

Depending on the situation, we may also process one or more of the following:

  • address
  • organisation name
  • organisation address
  • job title
  • phone number/s
  • job type
  • employer
  • events with HM Government that you have attended

Where we have consulted you for your views, the information may include your opinions.

The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. The task is to ensure the effective development, coordination and implementation of government policy.


Your personal data may be shared by us with other government bodies, including government departments and arm’s-length bodies. This would be to assist in the development of government policy.

Your personal data may be shared by us with a GDPR-compliant, approved third party, with the role of distributing large volumes of emails, or who provide events management services. As your personal data will be stored on our IT infrastructure it may also be shared with our data processors who provide email, relationship management, document management and storage services to us.


Personal data will be held in order to make contact with individuals in particular roles. Personal data may be deleted at any time if you ask us to do so. We will contact you via email periodically following your receipt of the initial notice to check that your contact email address is still accurate and to remind you of the opportunity to check and/or ask us to delete your data.

Where personal data was not collected by the Department, it was obtained by other GDPR-compliant government departments and agencies.

Your rights

You have the right to:

  • request information about how your personal data are processed, and to request a copy of that personal data
  • request that any inaccuracies in your personal data are rectified without delay
  • request that any incomplete personal data are completed, including by means of a supplementary statement
  • request that your personal data are erased if there is no longer a justification for them to be processed
  • in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted
  • object to the processing of your personal data
  • object to the processing of your personal data where it is processed for direct marketing purposes

International transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the European Union. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses or the Privacy Shield scheme.

Contact details

The data controller for your personal data is the Department for Exiting the European Union. The contact details for the data controller are:

Department for Exiting the European Union
9 Downing Street
United Kingdom

Telephone: 0207 276 1234


The contact details for the data controller’s Data Protection Officer (DPO) are:

Stephen Jones
Data Protection Officer
Cabinet Office (DExEU)
70 Whitehall


The Data Protection Officer provides independent advice and monitoring of the Department for Exiting the European Union’s use of personal information.


If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane

Telephone: 0303 123 1113


Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

Published 2 October 2019