UK Data Protection Post-Brexit is a hot topic, so this blog aims to provide clear guidance for you to consider. Please don’t hesitate to contact us for any additional clarifications or questions you may have.
Will GDPR Still Apply In The United Kingdom?
Firstly, the GDPR is a European regulation and technically it no longer applies to the UK once we have left the EU. However, if you operate inside the UK, you will need to comply with UK data protection law. The GDPR has been incorporated into UK data protection law as the UK GDPR, so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR. Businesses therefore have a direct responsibility to uphold their legal responsibilities and to be able to demonstrate and maintain compliance annually with the UK GDPR, and thus the EU GDPR also.
Do Businesses in the UK need a European Representative?
This is another question that our outsourced Data Protection Officers have been asked frequently. If the bulk of your business is done in the European Economic Area, you may need to appoint an EU representative. In most cases this is a voluntary position, and businesses see the value in having a nominated data protection representative.
Transferring data to and from the EEA:
Transfers of data from the UK to the European Economic Area are not restricted. The EU has agreed to delay transfer restrictions from the EEA to the UK for at least another four months. This can be extended to six months if required. Overall this enables personal data to flow freely from the European Economic Area to the UK. Keep in mind this is until either adequacy decisions are adopted, or the bridge ends.
Our team of qualified data protection and information security consultants suggests the following: if you receive personal data from the EEA, put alternative safeguards and compliance measures in place.
Is PECR or ePrivacy still applicable? UK Data Protection Post Brexit:
As our team of data protection consultants has outlined previously, the current PECR rules cover marketing, cookies and electronic communications. This means that UK businesses will also have to comply with the PECR. They will continue to apply at the end of the transition period. In most cases it will be seen as best practice for UK businesses. The ICO will still be taking regulatory action against those businesses that fail to implement the correct framework.
Does NIS still apply to UK businesses?
Yes. The NIS rules cover network and information systems. They derive from EU law but are set out in UK law. This means they are enforceable in the UK, so businesses here will need to comply with the regulations. Our outsourced data protection officer would advise that if you are a UK-based digital service provider offering services in the EU, you may need to appoint a representative in one of the EU member states in which you offer services. You need to comply with the local NIS rules in that member state. If you also offer services in the UK, you also need to continue to comply with the UK rules regarding your UK services.
UK Data Protection Post-Brexit: Does the Freedom of Information Act still apply?
The Freedom of Information Act 2000 forms part of UK law and will continue to apply once we have officially left the EEA. For businesses in the UK, it’s very important that a clear framework of how they aim to comply is set out, with clear measures detailing the Data Protection Act 2018 and/or the General Data Protection Regulation.
UK Data Protection Post-Brexit Summary:
Our team of outsourced data protection officers is currently in the process of consulting with numerous businesses on how they can implement compliance post-Brexit. It’s clear that many businesses are now looking to engage a data protection compliance partner. This strategy allows businesses to focus on key business functions whilst leaving the information security and data protection compliance to the experts. In most cases, we have found that engaging our services improves consumer confidence in your brand and services. We have found that with our approach, the data protection compliance process is smooth and easy to monitor or manage. Further to this, feel free to contact our highly experienced team of outsourced data protection officers and information security consultants for a free consultation around how to best approach data protection in 2021.
Compliance Direct Solutions: Business Data and Privacy Compliance Consultants in Greater Manchester.
UK GDPR guidance and resources: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/