As a result of the UK leaving the EU, the laws in the UK to manage personal data will change at the end of the transition period (31 December 2020) for all organisations, although the extent of the changes will depend on the current data arrangements.
UK organisations without any suppliers, customers or contacts operating in the EU will only see minimal changes, as the UK moves from GDPR to an equivalent UK GDPR, although privacy notices will need to be reviewed and, where necessary, updated to reflect the change in law.
The biggest changes will be felt by UK organisations who have operations in Europe, whether customers, suppliers or other local businesses. These organisations will need to review their current contracts and operations to ensure that they continue to comply with both EU and UK GDPR rules. Transfers of personal data from the EEA to the UK will be “restricted transfers” under the GDPR, and will be subject to additional protective measures.
Whilst the UK Government remains confident that an adequacy decision will be approved as part of the continuing trade negotiations, a recent decision in the European Court of Justice calling into doubt the consistency of the UK’s surveillance regime with the data protection principles set out in the GDPR makes this less certain. If the UK is not given an “adequacy” decision, organisations will need to be prepared to put in place alternative international data transfer mechanisms.
Both the UK GDPR and the GDPR require controllers and processors to be accountable for compliance, which requires an appropriate record of the decisions taken about what steps need to be taken and how your organisation is complying.
- Are you sending personal data to or receiving personal data from an EU country?
- Do you offer goods or services to individuals in the EU, which requires a local representative?
- If you are not a UK-based organisation but have UK-based customers, do you have a representative?
Managing personal data laws
There are a number of steps that organisations may need to take to comply with the new UK GDPR regime as a result of leaving the EU. Our data protection experts work with businesses and organisations to help them navigate these issues. Contact us at [email protected] for specific advice and support.
Enjoy That? You Might Like These: