Three ways to prepare for Brexit-related data protection regulations

As part of the deal Britain agreed with the European Union (EU), data protection regulations will remain largely the same for most businesses.

In May 2018, the General Data Protection Regulation (GDPR) rules came into effect, which changed the way businesses can legally use customer data. These EU regulations are also part of UK law, set out in the Data Protection Act, meaning they will remain in place even though the UK has left the EU.

The Brexit deal contains a temporary agreement on data to allow the EU time to ratify a data adequacy agreement, which would mean that the UK is certified as meeting EU standards on data.

If you already comply with GDPR and don’t have any contacts or customers in the European Economic Area (EEA), then it’s likely you adhere to the existing data protection rules. However, it’s always worth checking everything is covered.

If you do have customers or a presence in Europe, there will be some steps for you to take to ensure data can continue to flow into the future.

Three things you can do to comply with data protection regulations

(1) Make sure you are GDPR compliant

The new GDPR rules came into effect in 2018 and while the UK is expected to continue to align with EU GDPR going forward, there may be some additional steps you need to take if you operate in Europe or have European customers. From a data protection point of view, the best thing you can do is to double check that you’re covered. This means making sure that your systems and processes, as well as all of your data on customers in both the UK and the European Economic Area (EEA), are compliant.

(2) Ensure you’re able to send or receive data from Europe

Transfers of data in and out of the EEA will not be restricted, so if you’re sending data to any of the countries in that area, you need to continue to make sure it is GDPR compliant. If you are receiving personal data from a business or organisation in the EEA, you will need to take action to make sure this can continue. Utilising Standard Contractual Clauses (SCCs), standard sets of contractual terms and conditions, is the best way to make this happen.

Further reading

  • The ICO has developed a tool to help you find out whether this solution works for your business, and which SCCs you need

(3) Check whether you need to appoint a representative in the EEA

Even if you’re UK based, if you operate in the EEA, or gather data on any individuals from the region, there may be more you need to do in order to comply with the EU data protection regime. You may need to appoint a suitable representative in the EEA, who will act as your contact for the authorities.
