Post-Brexit Data Protection and GDPR
Data Protection after the Brexit Transition Period
The UK has left the EU and the transition period to allow the UK to negotiate a new relationship with the EU comes to an end on 31 December 2020. As it stands, no deal has been agreed. In relation to data protection, organisations who process and transfer personal data internationally need to review their practices to ensure they will continue to comply with data protection laws following the end of the transition period. The UK is due to become a “third country” under the GDPR and this will significantly impact organisations with operations across both the UK and EU.
The GDPR came into force in May 2018 and the UK supplemented its provisions with the Data Protection Act 2018 (DPA). Following the end of the transition period, the DPA will remain in force and the UK government has committed to implementing the provisions of the GDPR into UK law, keeping UK data protection legislation largely in line with EU laws. However, there will be some key changes that UK businesses need to be aware of, including transfers of data into and out of the UK.
Is your Organisation Ready?
If your organisation’s operations extend beyond the UK, then you need to understand and consider your international flows of personal data. This is particularly vital for organisations that carry out international personal data transfers, especially UK organisations sending or receiving personal data to or from the EEA.
To ensure that your operations remain lawful after the end of the transition period, there may be steps that you need to take:
- If you are a UK business receiving personal data from the EEA, you may be required to implement safeguards for these transfers to be lawful.
- If you process personal data about customers or other individuals located in EEA countries, you may be required to designate an appropriate representative within those territories.
Preparing for 2021
To read more click HERE