The General Data Protection Regulation (GDPR) won’t be disappearing after Brexit, with the government planning to incorporate it into UK law, alongside the Data Protection Act 2018, after we leave the EU. Most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same, whether or not we leave the EU with a deal.
In fact, the Information Commissioner’s Office advises businesses that the best preparation for data protection after Brexit is to ensure you are complying with the GDPR now. We’ve put together a summary of the ICO guidelines for small to medium-sized businesses on staying compliant with GDPR after Brexit.
UK businesses who have no contacts or customers in Europe
If your agency already complies with the GDPR and you have no contacts in the EEA (the EU and Iceland, Norway, and Liechtenstein) who send you data, and no customers in the EEA, all you will need to do is review your privacy information and documentation to identify any minor changes that might need to be made after Brexit.
UK businesses who send or receive data to or from Europe
If a business or organisation in the EEA sends your business personal data, then it will still need to comply with EU data protection laws and you will need to take action with them so the data can continue to flow after Brexit. For most businesses, SCCs (Standard Contractual Clauses) are the best way to keep data flowing into the UK, according to the ICO. SCCs are standard sets of contractual terms and conditions which both the sender and the receiver of the personal data sign up to, and include contractual obligations to protect personal data when it leaves the EEA.
Transfers of data to the EEA will not be restricted after Brexit. This means if you send data from the UK to the EEA, you will still be able to do so, and you don’t need to take any additional steps, except review your privacy information and documentation to identify any minor changes that might need to be made after Brexit.
For more information on data protection after Brexit, see ico.org.uk.
Oh Goodlord Limited is an Appointed Representative of Goodlord Protect Limited for general insurance products and credit broking. Goodlord Protect Limited is directly authorised by the Financial Conduct Authority, registration number 836727. You can check this information on the Financial Services Register by visiting www.fca.org.uk/register or by telephoning 0800 111 6768 (Freephone) or 0300 500 8082 from the UK. The FCA is the independent watchdog that regulates financial services.