As you know, on Thursday 31st October the UK is scheduled to leave the EU. But what does that mean in terms of EU laws and GDPR?
Data protection has been a major topic of ours over the last couple of years, with a focus on becoming compliant with the new regulations. This has meant implementing GDPR projects to make sure companies comply with the new regulations.
The question we now get asked a lot is: "So will I have to start again?"
As you know, the GDPR is an EU regulation. A no-deal Brexit would mean the end of the EU GDPR in the UK. We have already adopted GDPR into UK law by absorbing it into the Data Protection Act 2018. The law is, in most respects, the same as the EU GDPR, albeit with some contextual changes. However, advice from the ICO is “The UK is committed to maintaining the high standards of the GDPR (General Data Protection Regulation) and the government plans to incorporate it into UK law after Brexit”.
From the EU’s perspective, the UK will become an external country. This will have implications for international personal data transfers and for dealing with individuals based in the EU and EEA. What this means is that some mechanisms such as standard contractual clauses and documentation may be required, and larger companies that operate in the EU may need to appoint a European Representative.
So, in summary, some companies may need to tweak employment and sales contracts after Brexit, and we also recommend a review of Privacy Policies and Data Handling Procedures.
You can get more information and advice on Data Protection and a No-Deal Brexit from the ICO website: https://ico.org.uk/for-organisations/data-protection-and-brexit/data-protection-and-brexit-for-small-organisations/